[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
access restriction/binding problem
Can somebody please explain to me how to get the access restrictions to work
correctly?
I am trying to make certain attributes in a DN only writable by the owner of
the DN and
only let the 'root' DN see the userID and userPassword fields. But I can do a:
ldapsearch -D 'cn=Steve Maring,o=GTE Enterprise Solutions,c=US' -w '*****'
'sn=Maring'
and it shows everything (including userPassword)
Please help!
This is my slapd.conf
include /usr/local/ldap/etc/ldap/slapd.at.conf
include /usr/local/ldap/etc/ldap/slapd.oc.conf
schemacheck on
referral ldap://ldap.itd.umich.edu
#######################################################################
# ldbm database definitions
#######################################################################
database ldbm
suffix "o=GTE Enterprise Solutions, c=US"
directory /data/directory
rootdn "cn=root, o=GTE Enterprise Solutions, c=US"
rootpw **********
bindmethod simple
#######################################################################
# access restrictions to gtePerson
#######################################################################
access to * by dn="cn=root,o=GTE Enterprise Solutions,c=US" write
access to dn=".*,o=GTE Enterprise Solutions,c=US"
attr=userID,userPassword
by * none
access to dn=".*,o=GTE Enterprise Solutions,c=US"
attr=o,cn,sn,ou,title,mail,telephoneNumber,facsimileTelephoneNumber,pager,pag
erPin,pagerService,mobile,physicalDeliveryOfficeName,postalAddress,city,st,post
alCode,mailCode,manager,secretary,employer,serviceDate,jobDescription,education
,experience,interests,comments,birthDate,jpegPhoto,homePhone,homePostalAddress,
userCertificate,lastModifiedBy,lastModifiedTime
by self write
by * read
-Steve Maring
smaring@gte-es.com
GTE Enterprise Solutions
Tampa, FL USA