
Admin Guide - Access Control Example (ITS#1185)

Full_Name: Bill Melvin
Version: N/A
URL: ftp://ftp.openldap.org/incoming/Bill-Melvin-010531.patch
Submission from: (NULL) (

Hi ... I have to admit I am no slapd.conf wiz so maybe
I am missing the boat here. The Access Control example
in both the stable and development versions:

    http://www.openldap.org/doc/admin/slapdconfig.html#Access Control
    http://www.openldap.org/devel/admin/slapdconfig.html#Access Control

of the Admin Guide is confusing to me:


>  23.    # ldbm access control definitions
>  24.    access to attr=userPassword
>  25.            by self write
>  26.            by anonymous auth
>  27.            by dn="cn=Admin,dc=example,dc=com" write
>  28.            by * none
>  29.    access to *
>  30.            by self write
>  31.            by dn="cn=Admin,dc=example,dc=com" write
>  32.            by * read
>                 ^^^^^^^^^

> Lines 24 through 32 specify access control for entries in the
> database. For all entries, the userPassword attribute is writable
> by the entry itself and by the "admin" entry.  It may be used for
> authentication/authorization purposes, but is otherwise not
> readable.  All other attributes are writable by the entry and the
> "admin" entry, but may be read by authenticated users.

Like I said, I am pretty new to all this, but doesn't "*" mean
authenticated /and/ anonymous users? If I'm not out of my tree,
a possible patch (to the html not sdf, sorry) is at the url below.
Only one line of context b/c the lines after the example would get
wrapped beyond recognition.

If I am out of it, well ... never mind ;>
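
The question above turns on how slapd matches the `by *` clause, which applies to every requester, anonymous sessions included. As an added example (not part of the original message or of the linked patch), this simplified Python model of first-match evaluation runs the quoted rules and a comparison variant that uses the `users` specifier; the function names, the sample DNs and the exact-match treatment of `dn=` are assumptions of the example.

```python
# Simplified model of slapd access evaluation; not slapd's own code.
# The first "access to <what>" matching the attribute is selected, then
# the first "by <who>" clause matching the requester decides the level.
ADMIN = "cn=Admin,dc=example,dc=com"
# Rules as quoted from the Admin Guide example (lines 24-32).
GUIDE_ACL = [
    ("userPassword", [("self", "write"), ("anonymous", "auth"),
                      ("dn=" + ADMIN, "write"), ("*", "none")]),
    ("*", [("self", "write"), ("dn=" + ADMIN, "write"), ("*", "read")]),
]
# Comparison variant (an assumption of this example, not the linked patch):
# the last clause uses the "users" specifier instead of "*".
USERS_ACL = [
    GUIDE_ACL[0],
    ("*", [("self", "write"), ("dn=" + ADMIN, "write"), ("users", "read")]),
]

def who_matches(who, requester, entry_dn):
    """requester is the bound DN, or None for an anonymous session."""
    if who == "*":
        return True                      # everyone, anonymous included
    if who == "anonymous":
        return requester is None
    if requester is None:
        return False                     # remaining specifiers need a bind
    if who == "users":
        return True                      # any authenticated identity
    if who == "self":
        return requester.lower() == entry_dn.lower()
    if who.startswith("dn="):            # simplification: exact DN, no regex
        return requester.lower() == who[3:].lower()
    return False

def access_level(acl, attr, requester, entry_dn):
    for what, clauses in acl:
        if what not in ("*", attr):
            continue
        for who, level in clauses:
            if who_matches(who, requester, entry_dn):
                return level
        break                            # directive selected, no clause matched
    return "none"                        # implicit "by * none"

if __name__ == "__main__":
    bob = "cn=Bob,dc=example,dc=com"     # constructed sample entry
    for name, acl in (("by * read", GUIDE_ACL), ("by users read", USERS_ACL)):
        for req in (None, "cn=Alice,dc=example,dc=com", bob, ADMIN):
            print(name, req or "(anonymous)",
                  access_level(acl, "mail", req, bob),
                  access_level(acl, "userPassword", req, bob))
```

Run as a script, it prints the level each requester gets on `mail` and on `userPassword` under both rule sets.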