[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access Rights in SLAPD.CONF

Earlier today, Julio Sánchez Fernández wrote:

> Ummm.  I think you have to write the first one like this:
> >     access to attr="userpassword"
> >         by self write
> >         by dn="cn=adminuser,o=My Company Name,c=US" write
> >         by * compare

What's actually the purpose of "by * compare"?  I mean, I'm using:

  defaultaccess  read
  access         to attr=userpassword
                 by self write
                 by * none

and authenticated binds to the directory still work without any problems.
Unfortunately the UMich SLAPD Admin guide isn't too clear on distinguishing
the differences between "none", "compare", "search", "read" and "write"
(beyond the bleedin' obvious which no doubt leaves everything open to
interpretation - not good for ACLs).