[Date Prev][Date Next] [Chronological] [Thread] [Top]

Does dnattr work?

To: openldap-software@OpenLDAP.org
Subject: Does dnattr work?
From: Adam Jacob <adam@sysadminsith.org>
Date: Wed, 30 May 2001 16:17:18 -0700
Content-disposition: inline
User-agent: Mutt/1.2.4i

I posted a question about some OpenLDAP ACL's here a few days back;
specifically, the use of the dnattr option.  I've been totally unsuccessfull
in getting the "dnattr" feature to work right.

In a rule like this:

access to dn="cn=.*,ou=lists,ou=people,dc=go2net,dc=com"
        by group="cn=administrators,ou=security,dc=go2net,dc=com" write
        by group="cn=mailadmin,ou=security,dc=go2net,dc=com" write
        by dnattr=owner write
        by anonymous read
        by * read

With the "owner" field set to:

owner: uid=adam,ou=people,dc=go2net,dc=com

If I bind to the directory as that user, I get permission denied for writing.
I've gotten several personal messages since I posted the question, basically
saying "Yeah, I have the same problem, no idea"... so, is there anyone out
there successfully using the dnattr function?  Is there some magic bit that
needs to be flipped to make it work?  An attribute that's missing? 

Adam

-- 
adam@sysadminsith.org - (http://sysadminsith.org)
Evil Lord of the Sysadmin Sith Darth Rmdashrf

Prev by Date: Re: libgdbm.so.2 not found on Solaris 7
Next by Date: Re: Newbie Ldap and Outlook Address Book
Index(es):
- Chronological
- Thread