
Re: help with ACL



"Kurt D. Zeilenga" wrote:

> At 09:15 AM 10/26/99 -0600, Giri Raichur wrote:
> >"Kurt D. Zeilenga" wrote:
> >
> >> At 10:38 PM 10/25/99 -0600, Giridhar Raichur wrote:
> >> >> >1. Disable anonymous access (NULL bind entry)
> >> >>
> >> >> Set default access to none and add:
> >> >>      by dn="" none
> >> >
> >> >I tried to do just that but that seems to prevent all searches.
> >> >Here's what I have in my access list -
> >> >
> >> >defaultaccess none
> >> >
> >> >access to dn=".*, o=Los Alamos National Laboratory, c=US"
> >> >       by dn="" none
> >> >       by dn=".*, o=Los Alamos National Laboratory, c=US" read
> >> >       by *    none
> >>
> >> s/, /,/g above so that the DN regex will be able to match the
> >> normalized DNs of your entries.
> >>
> >
> >I did what you suggested but with the same result. It works OK if
> >I comment out
> >"defaultaccess none" or when I make default access "read".
>
> Sorry, I forgot that dn="" doesn't work in OpenLDAP 1.2.
> Instead, you need to use dn="^$$" to match anonymous uses.
> (Yes, two $$).  So,
>
> access to dn=".*,o=Los Alamos National Laboratory,c=US"
>         by dn="^$$" none
>         by dn=".*,o=Los Alamos National Laboratory,c=US" read
>         by *    none
>

Thank you. However, I am still confused about the default access line in
the access list.
Should that be included in the access list or is "by * none" in the
access clause sufficient?
When I type "defaultaccess none" above the access clause, all searches
fail.
I would like to set defaultaccess to none and only allow otherwise.
Regards,

    Giri Raichur
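
The two points made in the quoted replies (the `who` regex is tested against the normalized DN, and an anonymous bind is the empty DN matched by `^$`, written `^$$` in slapd.conf on OpenLDAP 1.2) can be checked offline with the added sketch below. It is not part of the original thread and is not slapd's code: `normalize_dn`, `evaluate`, the case-insensitive match and the `cn=Test User` bind DN are assumptions made for illustration.

```python
import re

def normalize_dn(dn):
    """Simplified normalization (assumption): strip whitespace around the
    commas separating RDNs. Escaped or quoted commas are not handled."""
    return ",".join(part.strip() for part in dn.split(","))

def evaluate(by_clauses, bind_dn):
    """Return (index, level) of the first 'by' clause whose pattern matches
    the normalized bind DN, or (None, None) when no clause matches."""
    who = normalize_dn(bind_dn)
    for index, (pattern, level) in enumerate(by_clauses):
        if pattern == "*" or re.search(pattern, who, re.IGNORECASE):
            return index, level
    return None, None

# Patterns taken from the thread: first as originally posted, then after s/, /,/g.
ORG_SPACED = ".*, o=Los Alamos National Laboratory, c=US"
ORG_NORMAL = ".*,o=Los Alamos National Laboratory,c=US"

def acl(org_pattern):
    """The three 'by' clauses from the thread, in order, with "^$" as the
    regex for the anonymous (empty) bind DN."""
    return [("^$", "none"), (org_pattern, "read"), ("*", "none")]

# Constructed sample identities (not from the thread).
USER = "cn=Test User, o=Los Alamos National Laboratory, c=US"
ANON = ""

if __name__ == "__main__":
    for label, pattern in (("spaced", ORG_SPACED), ("normalized", ORG_NORMAL)):
        for name, dn in (("user", USER), ("anonymous", ANON)):
            print(label, name, evaluate(acl(pattern), dn))
```

With the spaced pattern the organization's own user falls through to `by * none`, which is the symptom the `s/, /,/g` advice addresses.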