Admin Guide - Access Control Example (ITS#1185)
Full_Name: Bill Melvin
Version: N/A
OS: N/A
URL: ftp://ftp.openldap.org/incoming/Bill-Melvin-010531.patch
Submission from: (NULL) (138.116.100.164)
Hi ... I have to admit I am no slapd.conf wiz so maybe
I am missing the boat here. The Access Control example
in both the stable and development versions:
http://www.openldap.org/doc/admin/slapdconfig.html#Access Control
http://www.openldap.org/devel/admin/slapdconfig.html#Access Control
of the Admin Guide is confusing to me:
...
> 23. # ldbm access control definitions
> 24. access to attr=userPassword
> 25. by self write
> 26. by anonymous auth
> 27. by dn="cn=Admin,dc=example,dc=com" write
> 28. by * none
> 29. access to *
> 30. by self write
> 31. by dn="cn=Admin,dc=example,dc=com" write
> 32. by * read
> ^^^^^^^^^
...
> Lines 24 through 32 specify access control for entries in the
> database. For all entries, the userPassword attribute is writable
> by the entry itself and by the "admin" entry. It may be used for
> authentication/authorization purposes, but is otherwise not
> readable. All other attributes are writable by the entry and the
> "admin" entry, but may be read by authenticated users.
^^^^^^^^^^^^^
Like I said, I am pretty new to all this, but doesn't "*" mean
authenticated /and/ anonymous users? If I'm not out of my tree
a possible patch (to the html not sdf, sorry) is at the url below.
Only one line of context b/c the lines after the example would get
wrapped beyond recognition.
If I am out of it, well ... never mind ;>
Thanks,
/Bill
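
The question raised above, as an added example that is not part of the original submission or of OpenLDAP's code: a small Python model of slapd's first-match evaluation, run over the quoted lines 24 through 32, showing which access level an unbound client gets from `by * read` compared with `by users read`. The `uid=bob` entry DN is constructed, and `dn=` is treated as an exact string match, which is a simplification.

```python
# Added illustration: simplified slapd first-match ACL model; dn= is an exact match here.
ACL_TEXT = """
access to attr=userPassword
    by self write
    by anonymous auth
    by dn="cn=Admin,dc=example,dc=com" write
    by * none
access to *
    by self write
    by dn="cn=Admin,dc=example,dc=com" write
    by * read
"""

def parse(text):
    """Return [(what, [(who, level), ...]), ...] in file order."""
    rules = []
    for words in (line.split() for line in text.splitlines()):
        if words[:2] == ["access", "to"]:
            rules.append((words[2], []))
        elif words[:1] == ["by"]:
            rules[-1][1].append((words[1], words[2]))
    return rules

def who_matches(who, bind_dn, entry_dn):
    """bind_dn is None for an anonymous (unbound) client."""
    if who == "*":
        return True  # everyone, bound or not
    if who == "anonymous":
        return bind_dn is None
    if bind_dn is None:
        return False  # remaining forms all need a bound identity
    if who == "users":
        return True
    if who == "self":
        return bind_dn.lower() == entry_dn.lower()
    return who.startswith("dn=") and who[3:].strip('"').lower() == bind_dn.lower()

def access(rules, attr, bind_dn, entry_dn):
    """First matching 'access to', then first matching 'by', wins."""
    for what, clauses in rules:
        if what == "*" or what.lower() == ("attr=" + attr).lower():
            for who, level in clauses:
                if who_matches(who, bind_dn, entry_dn):
                    return level
            return "none"  # implicit trailing "by * none"
    return "none"

if __name__ == "__main__":
    for text in (ACL_TEXT, ACL_TEXT.replace("by * read", "by users read")):
        print(access(parse(text), "mail", None, "uid=bob,dc=example,dc=com"))
```
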