[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL to permit access to some attributes

To: Openldap list <openldap-software@OpenLDAP.org>
Subject: Re: ACL to permit access to some attributes
From: Tony Earnshaw <tonye@billy.demon.nl>
Date: Sat, 03 Apr 2004 00:20:22 +0200
In-reply-to: <248978692.1080910549@cadabra.stanford.edu>
Organization: Billy
References: <406852D1.17DBB92B@fadesa.es> <2676543445.1080555809@cadabra.stanford.edu> <4069B1E0.3FFC53A@fadesa.es> <2761852313.1080641120@cadabra.stanford.edu> <406AAEA3.8FBFF216@fadesa.es> <65169568.1080726736@cadabra.stanford.edu> <406C438F.5B39E4AA@fadesa.es> <310260340.1080815810@cadabra-dsl.stanford.edu> <406D3EB1.29433DCB@fadesa.es> <1080908844.31403.24.camel@localhost> <241216831.1080902787@cadabra.stanford.edu> <1080936288.2211.31.camel@localhost> <248978692.1080910549@cadabra.stanford.edu>

fre, 02.04.2004 kl. 22.55 skrev Quanah Gibson-Mount:

> These are his current acl's:
> 
> access to dn.base=""
> by * read
> by * break
> 
> access to dn.base="cn=Subschema"
> by * read
> by * break
> 
> access to dn.children="dc=fadesa,dc=es" attrs=objectclass,mail
> by * read
> 
> Those have the base DN in where needed. ;)

Ah. I never saw that. The southern British have an expression "picking
up fag-ends" (something like "picking up old stogies" in Am. Eng.) and
means poking one's nose in.  That's what I was.

> What he said was, I saw this ACL as an example:
> 
> access to attrs=userPassword
>         by self write
>         by dn.exact="cn=admin,ou=users,dc=domain" write
>         by anonymous auth
> 
> Not that he was using it. ;)

Probably just as well :(

> >> Also, it is attrs= not attr= :)
> >
> > *shrug* - both work; I use attr for one, attrs for more than one.
> 
> Hm, I'll have to remember that... I don't see attr= documented in 
> slapd.access, I wonder if that is a bug.

Actually, I never discovered "attrs" until about a year ago.

--Tonni

-- 

mail: billy - at - billy.demon.nl
http://www.billy.demon.nl

References:
- Re: ACL to permit access to some attributes
  - From: "José M. Fandiño" <ldap@fadesa.es>
- Re: ACL to permit access to some attributes
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: ACL to permit access to some attributes
  - From: "José M. Fandiño" <ldap@fadesa.es>
- Re: ACL to permit access to some attributes
  - From: Tony Earnshaw <tonye@billy.demon.nl>
- Re: ACL to permit access to some attributes
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: ACL to permit access to some attributes
  - From: Tony Earnshaw <tonye@billy.demon.nl>
- Re: ACL to permit access to some attributes
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: Re: ACL to permit access to some attributes
Next by Date: slurpd in .dws
Index(es):
- Chronological
- Thread