[Date Prev][Date Next]
Samir Desai schrieb:
> I am still trying to get the knack of building the acl's, since they are
> very picky in OpenLDAP. Not only is the access controls importants but even
> their ordering.
Right. But depends on the defaultaccess rights. If you set this to none, than
the order is important.
> access to dn=".*,ou=Development,o=ZoomTown.com,c=US" attr=uid,userpassword
> by self write
> by dn="cn=root,ou=Development,o=ZoomTown.com,c=US" write
> by * compare
The "by * compare" will match first the binding "cn=Samir
Desai,ou=Development,o=ZoomTown.com,c=US". So you have only rights to compare
entries. If i understand right the ldap server won't search for other matching
rules and it will not read the "by * search" in the next acccess description.
Privat Frank.Matthiess@GMX.net +49-5245-4662
Firma Frank.Matthiess@decor-metall.de +49-5222-286-315