
Re: ACL doesn't work



Hi,

Try:

defaultaccess  none

access to attr=userpassword
       by self write
       by dn="cn=admin,dc=iqdoq,dc=de" write
       by * none

access to attr=*
       by self read
       by dn="cn=admin,dc=iqdoq,dc=de" write
       by * none

I think there's a default 'by * none' added anyway, but I guess it doesn't
hurt to be explicit.

Craig

On Wed, 20 Mar 2002, Zamangoer, Ferruh wrote:

> Hi All,
> 
> I have the following problem: I want to define an ACL which allows every
> user to read and search only his own data. My ACL is:
> 
> 
> 
> defaultaccess  none
> 
> #Everybody can read his own(self) data 
> access to attr=*
>         by self read  (I remember that read contains search and compare) 
>         
> # that only everyone self and the admin can change the password (1)
> access to attr=userpassword
>        by self write
>        by dn="cn=admin,dc=iqdoq,dc=de" write
>        by self read
> 
> #that nobody have access to admin(2)
> access to dn="cn=admin,dc=iqdoq,dc=de"
>        by * none
> 
> 
> If I use defaultaccess read and deactivate (1) and (2), I can search and
> get hits. But I can read information from everybody. How can I solve
> this?
> 
> 
> please can anybody help ????
> 
> 
> thanks in advance
> 
> Ferruh
> 

-- 
........................................................................
$Id: mathdeptsysadmin,v 1.0 Wed Mar 20 13:32:35 2002 Craig Squires Exp $
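
The reply above puts the `attr=userpassword` clause ahead of `attr=*`. slapd consults only the first `access to` clause that matches and, within it, the first matching `by`, so the order changes the result. The Python model below is an added example, not part of either message and not OpenLDAP code; it assumes `attr=*` matches every attribute, exact DN matching, and constructed `uid=alice` / `uid=bob` sample DNs.

```python
# Simplified model of slapd ACL evaluation (added example, not OpenLDAP code).
# Assumptions: the first "access to" clause whose target matches is the only one
# consulted; inside it the first matching "by" wins; a clause with no matching
# "by" yields none (the implicit "by * none"); attr=* matches every attribute.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
ADMIN = "cn=admin,dc=iqdoq,dc=de"

# Each clause: (target dn or None, target attr or "*", [(who, level), ...])
ORIGINAL = [  # clause order as posted in the question
    (None, "*", [("self", "read")]),
    (None, "userpassword", [("self", "write"), (ADMIN, "write"), ("self", "read")]),
    (ADMIN, "*", [("*", "none")]),
]
REPLY = [  # clause order from the reply
    (None, "userpassword", [("self", "write"), (ADMIN, "write"), ("*", "none")]),
    (None, "*", [("self", "read"), (ADMIN, "write"), ("*", "none")]),
]

def granted_level(acl, requester, entry_dn, attr, default="none"):
    """Return the access level the ACL list gives requester on entry_dn/attr."""
    for target_dn, target_attr, by_list in acl:
        if target_dn not in (None, entry_dn) or target_attr not in ("*", attr):
            continue  # this clause does not cover the entry/attribute
        for who, level in by_list:
            if who == "*" or who == requester or (who == "self" and requester == entry_dn):
                return level
        return "none"  # implicit "by * none" ends every clause
    return default  # no clause matched: modelled as the page's "defaultaccess none"

def allowed(acl, requester, entry_dn, attr, wanted):
    """True if the granted level is at least the wanted level."""
    have = granted_level(acl, requester, entry_dn, attr)
    return LEVELS.index(have) >= LEVELS.index(wanted)

if __name__ == "__main__":
    alice = "uid=alice,dc=iqdoq,dc=de"  # constructed sample DNs
    bob = "uid=bob,dc=iqdoq,dc=de"
    for name, acl in (("original", ORIGINAL), ("reply", REPLY)):
        print(name,
              "self-write-password:", allowed(acl, alice, alice, "userpassword", "write"),
              "admin-write-password:", allowed(acl, ADMIN, alice, "userpassword", "write"),
              "bob-reads-alice-cn:", allowed(acl, bob, alice, "cn", "read"))
```

In the model, the original ordering lets the `attr=*` clause shadow both later clauses, so neither the user nor the admin DN gets write on `userpassword`; with the reply's ordering both do, and another user still gets nothing.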