[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Decyphering openldap ACL logs

To: openldap-software@OpenLDAP.org
Subject: Re: Decyphering openldap ACL logs
From: Dieter Kluenter <dieter@dkluenter.de>
Date: Fri, 30 Apr 2004 09:57:28 +0200
In-reply-to: <7298572fc4.72fc472985@asianetindia.com> (rajkumars@asianetindia.com's message of "Fri, 30 Apr 2004 08:27:45 +0500")
References: <7298572fc4.72fc472985@asianetindia.com>
User-agent: Gnus/5.1001 (Gnus v5.10.1) XEmacs/21.4 (Portable Code, linux)

rajkumars@asianetindia.com writes:

[...]

> Ok. My ldif file is given below, I am wondering why the aci entries were not applied. Sorry for asking too many questions, I am just trying to learn and understand this :)
[...]

aci is a directory operation, thus you have to define the attribute
(OpenLDAPaci) either within your search string or in slapd.conf.
  
> dn: dc=com
> o: linuxense.com
> dc: com
> administrator: uid=mailadmin,dc=com
> OpenLDAPaci: 1.2.3#entry#grant;r;[entry]#public#
> OpenLDAPaci: 1.2.3#entry#grant;r,s,c;objectClass,[entry]#public#

Read the comments in acl.c and 
http://www.openldap.org/faq/data/cache/634.html
[...]

-Dieter

-- 
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de

References:
- Re: Decyphering openldap ACL logs
  - From: rajkumars@asianetindia.com

Prev by Date: Re: Decyphering openldap ACL logs
Next by Date: No subject
Index(es):
- Chronological
- Thread