
Re: Does dnattr work?



Les Barstow wrote:

> I have the following in my OpenLDAP setup (under both 1.2.9 and 2.0.x):
>
> access to dn=".*"
>  by group="cn=LDAP Administrators,ou=Groups,dc=vr1,dc=com" write
>  by dnattr=owner write
>  by * read
>
> with a sample owner as:
> owner: uid=theowner,ou=People,dc=vr1,dc=com
>
> This has been working fine for me, although I vaguely remember a lot of
> bitching and moaning on my part until it worked...

You should make sure that the ACL gets triggered; since ACLs are processed
in the order they're given, if another rule matches first, then the rule you're
considering doesn't get invoked at all. You may need to activate ACL-related
logs, -d 128 (or "debug acl detail{1|2}" if you're using new log).

Pierangelo.

--
Dr. Pierangelo Masarati               | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale                | fax:   +39 02 2399 8334
Politecnico di Milano                 | mailto:masarati@aero.polimi.it
via La Masa 34, 20156 Milano, Italy   | http://www.aero.polimi.it/~masarati
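
The first-match ordering described in the reply above, as an added example that is not part of the original thread and is not OpenLDAP code: a simplified Python model that reports which `access to` clause and which `by` clause decide a request. It handles only `*`, `dn=<regex>`, `group=` and `dnattr=`; group membership is passed in as a dictionary, and `SHADOWED_ACL`, `ENTRY_DN` and `ENTRY` are constructed sample values.

```python
import re

def parse(acl_text):
    """Split slapd.conf-style text into (what, [(who, access), ...]) clauses."""
    clauses = []
    for line in map(str.strip, acl_text.splitlines()):
        if line.startswith("access to "):
            clauses.append((line[len("access to "):].strip(), []))
        elif line.startswith("by ") and clauses:
            who, access = line[3:].rsplit(None, 1)
            clauses[-1][1].append((who, access))
    return clauses

def _val(spec):
    """Value after the first '=', with surrounding quotes removed."""
    return spec.split("=", 1)[1].strip('"')

def who_matches(who, requester, entry_attrs, groups):
    req = requester.lower()
    if who == "*":
        return True
    if who.startswith("dnattr="):   # requester DN listed in that attribute
        return req in [v.lower() for v in entry_attrs.get(_val(who), [])]
    if who.startswith("group="):    # requester is a member of that group
        return req in [m.lower() for m in groups.get(_val(who), [])]
    return False                    # other <who> forms are outside this model

def evaluate(acl_text, entry_dn, entry_attrs, requester, groups=None):
    """Return (clause index, matching <who>, access) in first-match order."""
    for idx, (what, bys) in enumerate(parse(acl_text)):
        if what != "*" and not re.search(_val(what), entry_dn, re.I):
            continue                  # this <what> does not select the entry
        for who, access in bys:       # first matching <who> decides
            if who_matches(who, requester, entry_attrs, groups or {}):
                return idx, who, access
        return idx, None, "none"      # implicit trailing "by * none"
    return None, None, "none"         # implicit "access to * by * none"

# ACL and owner value as posted in the thread.
THREAD_ACL = '''access to dn=".*"
 by group="cn=LDAP Administrators,ou=Groups,dc=vr1,dc=com" write
 by dnattr=owner write
 by * read'''
OWNER = "uid=theowner,ou=People,dc=vr1,dc=com"
# Constructed: an earlier, broader rule and a sample entry DN.
SHADOWED_ACL = 'access to dn="ou=People,dc=vr1,dc=com$"\n by * read\n' + THREAD_ACL
ENTRY_DN = "uid=someentry,ou=People,dc=vr1,dc=com"
ENTRY = {"owner": [OWNER]}
```

With `THREAD_ACL` alone the owner is granted write through `dnattr=owner`; with `SHADOWED_ACL` the same request stops at the earlier clause and gets read, so the dnattr rule is never consulted.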