
Re: Access-Control



At 11:40 AM 8/3/99 PDT, Samir Desai wrote:
>access		to dn=".*,ou=Development,o=ZoomTown.com,c=US" attr=uid,userpassword
>		by self write
>		by dn="cn=root,ou=Development,o=ZoomTown.com,c=US" write
>		by * compare
>
>access		to dn=".*,ou=Development,o=ZoomTown.com,c=US"
>		by self write
>		by dn="cn=root,ou=Development,o=ZoomTown.com,c=US" write
>		by * search
>
>& conduct an ldapsearch as,
>
>ldapsearch -b "ou=Development,o=ZoomTown.com,c=US" -D "cn=Samir 
>Desai,ou=Development,o=ZoomTown.com,c=US" -w "samir" objectclass=*
>
>it only displays the record of objectclass organizationalUnit & the record 
>of "Samir Desai".  It does not display any other records.
>
>would anyone happen to know why it behaves in such a fashion?

Because you didn't grant read access to those entries and their
attributes.  "search" access controls which entries can be examined
during the operation, "read" access controls what can be returned.

Kurt
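
A simplified model of the search/read distinction described above, added here as an illustration; it is not part of the original thread and not slapd's own code. It assumes the first `access to` clause matching the entry and attribute applies, that the first matching `by` inside it wins, and that access falls back to read when no clause matches the DN; `cn=Jane Roe` is a constructed entry.

```python
import re

# Access levels in increasing order; each level implies the ones before it.
LEVELS = ["none", "compare", "search", "read", "write"]
BASE = "ou=Development,o=ZoomTown.com,c=US"
ROOT = "cn=root," + BASE

def acl(everyone_else):
    """The two clauses from the post; `everyone_else` is the second clause's `by *` level."""
    who = lambda star: [("self", "write"), (ROOT, "write"), ("*", star)]
    return [
        (".*," + BASE, {"uid", "userpassword"}, who("compare")),
        (".*," + BASE, None, who(everyone_else)),   # None = all attributes
    ]

def granted(rules, bind_dn, entry_dn, attr, default="read"):
    """Level granted to bind_dn on one attribute of entry_dn.
    `default` applies when no clause matches the DN (assumed here: read)."""
    for dn_regex, attrs, by_list in rules:
        if not re.search(dn_regex, entry_dn, re.I):
            continue
        if attrs is not None and attr.lower() not in attrs:
            continue
        for who, level in by_list:
            if who == "*" or (who == "self" and bind_dn.lower() == entry_dn.lower()) \
                    or who.lower() == bind_dn.lower():
                return level
        return "none"
    return default

def visible(rules, bind_dn, entry_dn, attrs):
    """Attributes a search would return: those with at least read access."""
    need = LEVELS.index("read")
    return [a for a in attrs if LEVELS.index(granted(rules, bind_dn, entry_dn, a)) >= need]

# Constructed sample entries; "cn=Jane Roe" is a made-up colleague.
SAMIR = "cn=Samir Desai," + BASE
OTHER = "cn=Jane Roe," + BASE
PERSON = ["objectclass", "cn", "uid", "userpassword"]

if __name__ == "__main__":
    for label, rules in (("as posted", acl("search")), ("by * read", acl("read"))):
        for dn, attrs in ((BASE, ["objectclass", "ou"]), (SAMIR, PERSON), (OTHER, PERSON)):
            print(f"{label:10} {dn.split(',')[0]:16} -> {visible(rules, SAMIR, dn, attrs)}")
```

With `by * read` in the second clause the other entries come back, while `uid` and `userpassword` stay at compare under the first clause and are still not returned.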