[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL filters

To: openldap-software <openldap-software@OpenLDAP.org>
Subject: Re: ACL filters
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 01 Jul 1999 11:16:25 -0700
Cc: Emmanuel JEGOU <Emmanuel.Jegou@naonet.fr>
In-reply-to: <3.0.5.32.19990701000832.009de210@localhost>
References: <377A366E.32B5DC6F@naonet.fr>

At 12:08 AM 7/1/99 -0700, Kurt D. Zeilenga wrote:
>At 05:23 PM 6/30/99 +0200, Emmanuel JEGOU wrote:
>>Hello,
>>
>>I try to manage access controls on entries under ou=people,o=Naonet
>>Company,c=fr entry to only one person for the moment.
>>My problem occurs when I want to manage access to entries with the
>>attribut value equal to 'Personnel'. Only the entries that verify this
>>condition can be accessed.
>
>It looks like Rule 2 should do the trick.  When you tested it was
>it the first rule in slapd.conf?   Remember that only the first
>matched "what" clause of the first matched "who" clause matters.  If
>no "what" clause matches of the first matched "who" clause, the
>default rule is applied.  If no "who" cause matches, the default
>rule is applied.

Yiks... I reversed "what" and "who" in the above.

That is.  Only the first matching (to "what" clause) ACL matters.
And within this ACL, only the first matching (by "who") clause
matters.

Sorry if confused anyone.

References:
- Re: ACL filters
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Again, Netscape and Roaming profiles...
Next by Date: Re: ACL and groups
Index(es):
- Chronological
- Thread