[Date Prev][Date Next] [Chronological] [Thread] [Top]

Newbie Question on access control

To: openldap-software@OpenLDAP.org
Subject: Newbie Question on access control
From: Rob Tanner <rtanner@linfield.edu>
Date: Fri, 02 Jul 2004 16:21:14 -0700
Content-disposition: inline

Hi,

I am going to be moving from the Netscape commercial server to OpenLDAP, and while I have the ACIs in Netscape down pretty well, I'm having a bit of trouble duplicating the access on OpenLDAP.

Right off the bat, I want to grant read access to everybody to those entries in the "ou=people,o=linfield.edu" subtree, but I need to restrict access to that students who have elected to keep directory info private don't have LDAP entries that are generally readable.

Here's the access rule I wrote:

access to dn.subtree="ou=people,o=linfield.edu"
filter="(&(!(ferpaStatus=Private))(!(entryStatus=Inactive))(ou=Student))"
by * read

The effect of the access rule, however, is to deny access to all entries. What am I doing wrong?

Thanks,
Rob

--
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR

Follow-Ups:
- Re: Newbie Question on access control
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: Looking for current ldap-autofs howto
Next by Date: Re: Retrieving more results after LDAP_SIZELIMIT_EXCEEDED
Index(es):
- Chronological
- Thread