
access control



Hi, list

I'm using openldap 2.3.21 on rhel3.

For authorization I use several fields:
userPassword
sambaLMPassword
sambaNTPassword
sshPublicKey

I want to limit access to these fields:
anonymous auth, self write, none for others for the password fields.
anonymous read access to sshPublicKey.
write access to inetOrgPerson attributes for a special group.
anonymous read for any other fields.

The problem is that anonymous access to sshPublicKey does not work.

My slapd.conf has:

# access to auth fields.
access to
        dn.regex="^(.+)o=oil([^,]+)$"
        attrs=userPassword,sambaLMPassword,sambaNTPassword
        by anonymous auth
        by self write
        by * none

# access to ssh public key
access to
        dn.regex="^(.+)o=oil([^,]+)$"
        attrs=sshPublicKey
        by self write
        by * read

# access to information fields
access to
        dn.regex="^(.+)o=oil([^,]+)$"
        attrs=@inetOrgPerson,cn
        by self write
        by group/groupOfUniqueNames/uniqueMember.expand="cn=Users Editors,ou=groups,o=oil$2" write
        by users read

# default access
access to * by * read

What's wrong?

WBR
-- 
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 495 105 7247 ext.203 F:+7 495 105 7246 E:DmitriyKirhlarov@oilspace.com
OILspace - The resource enriched - www.oilspace.com
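Added here as an example that is not part of the original post: a small, simplified model of slapd's first-match ACL evaluation (first "access to" whose dn.regex and attrs match, then the first matching "by" clause, deny if none matches) loaded with the four rules from the post, for checking which rule a given bind DN, target DN and attribute actually hit. It assumes a constructed stand-in attribute set for @inetOrgPerson and does not model the group clause.

```python
import re

DN_RE = r"^(.+)o=oil([^,]+)$"   # the dn.regex used by the three specific rules

# Constructed model of the posted ACLs: (dn_regex or None, attrs or None, by-clauses).
# The "group" subject stands in for the groupOfUniqueNames clause and is not
# evaluated (assumption); {"cn","sn","mail"} stands in for @inetOrgPerson,cn.
ACLS = [
    (DN_RE, {"userPassword", "sambaLMPassword", "sambaNTPassword"},
     [("anonymous", "auth"), ("self", "write"), ("*", "none")]),
    (DN_RE, {"sshPublicKey"},
     [("self", "write"), ("*", "read")]),
    (DN_RE, {"cn", "sn", "mail"},
     [("self", "write"), ("group", "write"), ("users", "read")]),
    (None, None, [("*", "read")]),            # access to * by * read
]

def dn_matches(target_dn):
    """True if the posted dn.regex matches; note that ([^,]+)$ requires at
    least one character after 'o=oil', so a DN ending in 'o=oil' does not match."""
    return re.match(DN_RE, target_dn) is not None

def evaluate(target_dn, attr, bind_dn=None):
    """Access level slapd would grant (bind_dn None = anonymous), using
    first-matching 'access to' and first-matching 'by' with default 'stop'."""
    for dn_regex, attrs, by_clauses in ACLS:
        if dn_regex is not None and not re.match(dn_regex, target_dn):
            continue                          # target DN not covered by this rule
        if attrs is not None and attr not in attrs:
            continue                          # attribute not covered by this rule
        for who, level in by_clauses:
            if who == "*":
                return level
            if who == "anonymous" and bind_dn is None:
                return level
            if who == "users" and bind_dn is not None:
                return level
            if who == "self" and bind_dn is not None \
                    and bind_dn.lower() == target_dn.lower():
                return level
            # "group": membership not modelled, treated as non-matching
        return "none"                         # matched rule, no matching 'by': denied
    return "none"

if __name__ == "__main__":
    for dn in ("uid=dk,o=oilspace", "uid=dk,ou=people,o=oil"):
        for attr in ("sshPublicKey", "userPassword", "cn"):
            print(dn, attr, "anonymous ->", evaluate(dn, attr))
```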