RE: slapd.conf - acl question

["Douglas B. Jones" <douglas@gpc.edu>]

Hi,

Thanks! Even reading slapd.conf, I never (like a fool) paid
attention to the slapd.access that it kept referring to and
read that man page in detail. I probably was mentioned in
other helpful emails and I assumed slapd.conf instead of slapd.access.

Once again, thanks for the key.

Cheers,
Douglas

-----Original Message-----
From: Peter Marschall [mailto:peter@adpm.de]
Sent: Friday, September 19, 2003 8:44 AM
To: Douglas B. Jones; OpenLDAP-software@OpenLDAP.org
Subject: Re: slapd.conf - acl question


Hi,

On Thursday 18 September 2003 19:31, Douglas B. Jones wrote:
> My main concerns here are:
>
> 1) why is the key word 'entry' not mentioned in the doc?

man slapd.access

slapd.acess (5) is the man page that explains the access controls
statements in slapd.conf in detail.

> 2) what is its' significance?

"access to the entry itself"
Other directory servers call this kind of access "Browse Rights"

> 3) should I not be using it and doing this another way?

Why ? It is a documented part of the access control system.

> 4) the fact that it does return a dn, is that a security problem?

It allows browsing the DIT where you allow it.
If the DNs in parts of your DIT contain confidential information you should
restrict access to this part of the DIT (including the entry pseudo
attributes) to truested users


Peter

--
Peter Marschall
eMail: peter@adpm.de