[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: (ITS#7495) access filter not correctly validated if assertion attribute not requested
- To: openldap-its@OpenLDAP.org
- Subject: Re: (ITS#7495) access filter not correctly validated if assertion attribute not requested
- From: michael@stroeder.com
- Date: Thu, 17 Jan 2013 10:51:57 GMT
- Auto-submitted: auto-generated (OpenLDAP-ITS)
Sorry for the confusion caused by editing what I've copied from the real
system before which uses a group for several Samba DC instances.
In this example the ACL part should be more simple like this:
access to
dn.subtree="o=example"
attrs=sambaNTPassword
filter="(organizationalStatus=0)"
by dn.exact="uid=samba_dc,o=example" write
by group="cn=slapd Admins,ou=groups,o=example" =sw
by self =w
by * none
Ciao, Michael.