
Re: ACL domain= question




On Tue, 29 Apr 2003, Peter Furmonavicius wrote:

> Hello.  I am running OpenLDAP on MacOS X (10.2.5).  I am frustrated
> in trying to get something to "work" that should be fairly simple.  I
> have not been able to see anything in previous discussions that helps
> me, so I have decided to write to you all.  Simply put, suppose I
> have a given attribute, called "telephoneNumber" for example.  What
> ACL should I use that allows everyone from my local domain to view
> the telephoneNumber attribute, but no one else to?  I have tried just
> about everything that I can think of,  but can't seem to get it
> right.  Can someone shed some light on this?  I appreciate it.

Are you running the bundled OpenLDAP?

Luke may be able to answer more completely, but I believe back-netinfo
adheres to netinfo authorization semantics by default, and in order to
apply ACLs you need to remove flags
DSENGINE_FLAGS_NATIVE_AUTHORIZATION

from slapd.conf.

Keep in mind that unless you've denied access to netinfo, remote parties
can still:

nireport -t server/network /users name phonenumber

-mab


>
> access to attr=telephoneNumber
>       by domain=/\.yale\.edu$/ read
>       by * none
>
> Thanks,
>
> - Peter
>
>