
acls and restricting permissions



Hi All,

I was wondering how I go about giving LESS access than the default ACL rule.

Let's assume some default permissions set from the FAQ-o-matic:

access to attr=userpassword
    by self =xw
    by anonymous auth

access to *
    by self write
    by users read

This allows the "standard user" to read all attributes, and write
their own details.

Assuming we add to the above a user that has LESS access than the default, i.e.:

access to attr=c,o,ou,cn,sn,givenName,mail
    by dn.exact=cn=limited,dc=example,dc=com
    by * none (or break)

This literally won't work as intended, because even if the above does
not match, the

access to *
    by self write
    by users read

will always give users read by default.

Any ideas?

Cheers
Brett
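
The evaluation order behind the behaviour described in this message, as an added example that is not part of the original post and is not OpenLDAP code: a simplified Python model of slapd's documented rule that the first matching `access to` directive is used, and within it the first matching `by` clause. Assumptions: the new rule is placed before `access to *`, the limited DN is given `read`, `break` is modelled as simply moving on to the next directive, and the function names and the `alice`/`bob` DNs are constructed for illustration.

```python
# Simplified model of slapd ACL evaluation (added example, not OpenLDAP code).
LIMITED = "cn=limited,dc=example,dc=com"
ALICE = "cn=alice,dc=example,dc=com"   # constructed ordinary user
BOB = "cn=bob,dc=example,dc=com"       # constructed target entry

def who_matches(who, bind_dn, target_dn):
    """Match the <who> forms that appear in the post."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn == target_dn
    if who.startswith("dn.exact="):
        return bind_dn == who[len("dn.exact="):]
    return False

def effective_access(acl, bind_dn, target_dn, attr):
    """First matching 'access to' wins, then first matching 'by' wins."""
    for what, by_clauses in acl:
        if what != "*" and attr.lower() not in what:
            continue
        for who, level, control in by_clauses:
            if who_matches(who, bind_dn, target_dn):
                if control == "break":
                    break          # fall through to the next 'access to'
                return level       # default control is 'stop'
        else:
            return "none"          # implicit 'by * none' ends the directive
    return "none"                  # implicit 'access to * by * none'

def build_acl(last_by):
    """The post's rules; last_by is the final 'by *' clause under test."""
    return [
        ({"userpassword"}, [("self", "=xw", "stop"), ("anonymous", "auth", "stop")]),
        # Assumptions: placed before 'access to *'; the limited DN gets 'read'.
        ({"c", "o", "ou", "cn", "sn", "givenname", "mail"},
         [("dn.exact=" + LIMITED, "read", "stop"), last_by]),
        ("*", [("self", "write", "stop"), ("users", "read", "stop")]),
    ]

WITH_NONE = build_acl(("*", "none", "stop"))
WITH_BREAK = build_acl(("*", "none", "break"))

if __name__ == "__main__":
    for name, acl in (("by * none", WITH_NONE), ("by * break", WITH_BREAK)):
        for dn in (LIMITED, ALICE):
            for attr in ("mail", "telephoneNumber"):
                print(name, dn, attr, effective_access(acl, dn, BOB, attr))
```

In this model the limited DN ends up with `read` on `telephoneNumber` under both variants, because that attribute is not in the new rule's list and falls to `access to *`; the `by * none` variant additionally drops ordinary users to `none` on the seven listed attributes.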