[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Searching the LDAP Database?

At 10:49 AM 10/20/99 -0700, Keith Keller wrote:
>An undocumented ''feature'' of the slapd.conf file is

man 5 slapd.conf: "If a line begins with white space,
it is considered a continuation of the previous line."

>access to dn="cn=Manager, dc=tbred, dc=com"
> by self write
> by * none

Note, the syntax is "access to dn=<regex> ..." where the regex
matches the normalized DN of the entry.  Hence the above has
no effect as it wont match any normalized DN.   To grant the
manager write to his entry and deny all access to others:

access to dn="cn=Manager,dc=tbred,dc=com"
	by self write
	by * none

>Also, make sure you have
>defaultaccess none

Yes!  I strongly recommend all change their default access
to none and learn how to grant access via access directives.

Kurt D. Zeilenga <Kurt@OpenLDAP.org>
OpenLDAP Project <http://www.OpenLDAP.org/>