[Date Prev][Date Next] [Chronological] [Thread] [Top]

Fwd: Newbie ACL questions

To: openldap <openldap-software@OpenLDAP.org>
Subject: Fwd: Newbie ACL questions
From: marcel@wiwo.nl
Date: Tue, 26 Feb 2002 10:19:44 +0100 (CET)

Hi All,

After collecting lots of information, I'm now busy populating an
OpenLDAP 2.0.21 server. With it, the need for ACLs is growing.

I've read the Admin guide, I also found several related messages in the
mailing archive, but somehow I don't get quite the wanted result.

As I experience, ACL works as follows:

1) The ACL-lines are processed in order
2) If the <what> clause matches, rules are applied
3) No more ACL lines are processed!!

This is what I want, and what ACLs I've put together:

I do want users to access their own entry, and entries which has their
db in the attribute 'owner', but they are not allowed to browse the tree


access to *
	by self read
	by anonymous auth


I do want to authenticate against LDAP, but I don't want anonymous
read access to the tree.

access to dn="" 
	by anonymous auth

However, my authenticated users can't get any ainfo any more!

Final question:

How do I obtain my own entry? A simple filter like:

dn="cn=my name,ou=people,dc=wiwo,dc=nl" returns 0 hits

I'm sure there is a simple way to do this, but it's so simple it isn't
mentioned anywhere in the docs (or I just overlooked...)

Can anyone help?

Regards,

Marcel

-- 
---------------------------------------------------------------
ing. Marcel van Dorp (CCDP, CCNP+security)   http://www.wiwo.nl
WiWo Support                                 tel. 071-523 77 91
Postbus 1098                                 fax  071-523 77 94
2340 BB Oegstgeest                           gsm  0653-50 77 76
---------------------------------------------------------------

Follow-Ups:
- Re: Fwd: Newbie ACL questions
  - From: Stephan Siano <stephan.siano@suse.de>

Prev by Date: schema v2 to schema v3
Next by Date: schema v2 to schema v3
Index(es):
- Chronological
- Thread