[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Searching the LDAP Database?

To: Keith Keller <kkeller@sirius.com>
Subject: Re: Searching the LDAP Database?
From: "Kurt D. Zeilenga" <kurt@OpenLDAP.org>
Date: Wed, 20 Oct 1999 18:50:38 -0700
Cc: Jim McConnell <jkm@tbred.com>, openldap-software@OpenLDAP.org
In-reply-to: <380E00C6.EFAB3749@sirius.com>
References: <NDBBIAMFPKPLHAHKMJEFEEFLCFAA.jkm@tbred.com>

At 10:49 AM 10/20/99 -0700, Keith Keller wrote:
>An undocumented ''feature'' of the slapd.conf file is

man 5 slapd.conf: "If a line begins with white space,
it is considered a continuation of the previous line."

>access to dn="cn=Manager, dc=tbred, dc=com"
> by self write
> by * none

Note, the syntax is "access to dn=<regex> ..." where the regex
matches the normalized DN of the entry.  Hence the above has
no effect as it wont match any normalized DN.   To grant the
manager write to his entry and deny all access to others:

access to dn="cn=Manager,dc=tbred,dc=com"
	by self write
	by * none

>Also, make sure you have
>
>defaultaccess none

Yes!  I strongly recommend all change their default access
to none and learn how to grant access via access directives.

----
Kurt D. Zeilenga <Kurt@OpenLDAP.org>
OpenLDAP Project <http://www.OpenLDAP.org/>

References:
- Searching the LDAP Database?
  - From: "Jim McConnell" <jkm@tbred.com>
- Re: Searching the LDAP Database?
  - From: Keith Keller <kkeller@sirius.com>

Prev by Date: Re: Searching the LDAP Database?
Next by Date: Re: Perfomance with ACLs
Index(es):
- Chronological
- Thread