[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: adding access control for replication user

To: <robin@primus.ca>
Subject: Re: adding access control for replication user
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Sun, 18 Apr 2004 20:28:59 +0200 (CEST)
Cc: <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <Pine.LNX.4.58.0404171557580.18303@hephaestus.tor.primus.ca>
References: <Pine.LNX.4.58.0404171557580.18303@hephaestus.tor.primus.ca>

> Thanks that does make things work, I did in fact have something similar
> exept it was more like ...
>
> access to attrs=userPassword
> by dn="<your replicator's DN>" write
> by self write
> by * auth

Likely you added a last directive of the form

access to *
        by dn.exact="<your replicator's DN>" write

This by default implies that anonymous users can't read "*".

If your intention is that everything that's not explicitly
protected by ACLs must be readable by all including anonymous,
then add a last directive of the form

access to *
        by dn.exact="<your replicator's DN>" write
        by * read

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it

Follow-Ups:
- Re: adding access control for replication user
  - From: "Robin M." <robin@primus.ca>

References:
- Re: adding access control for replication user
  - From: "Robin M." <robin@primus.ca>

Prev by Date: Re: SASL and Kerberos 5 (sasl-regexp)
Next by Date: Re: SASL and Kerberos 5 (sasl-regexp)
Index(es):
- Chronological
- Thread