[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access-Control

Samir Desai schrieb:
> I am still trying to get the knack of building the acl's, since they are
> very picky in OpenLDAP.  Not only is the access controls importants but even
> their ordering.

Right. But depends on the defaultaccess rights. If you set this to none, than
the order is important. 

> access          to dn=".*,ou=Development,o=ZoomTown.com,c=US" attr=uid,userpassword
>                 by self write
>                 by dn="cn=root,ou=Development,o=ZoomTown.com,c=US" write
>                 by * compare
The "by * compare" will match first the binding "cn=Samir
Desai,ou=Development,o=ZoomTown.com,c=US".  So you have only rights to compare
entries. If i understand right the ldap server won't search for other matching
rules and it will not read the "by * search" in the next acccess description.

Frank Matthieß	      

Privat Frank.Matthiess@GMX.net			                +49-5245-4662
Firma  Frank.Matthiess@decor-metall.de                       +49-5222-286-315