Re: help with ACL
At 11:22 AM 10/26/99 -0600, Giri Raichur wrote:
>> access to dn=".*,o=Los Alamos National Laboratory,c=US"
>> by dn="^$$" none
>> by dn=".*,o=Los Alamos National Laboratory,c=US" read
>> by * none
>Thank you. However, I am still confused about the default access line in
>the access list.
>should that be included in the access list or is "by * none" in the
>access clause sufficient.
by * none does match everything and hence you could drop the first
who clause. However, I doubt this is your problem. It appears as
the implicit, last ACL:
access to * by * default
rules is being applied (where default is whatever you set default
I suspect, a DN mismatch (your entries/targets are not under
"o=Los Alamos National Laboratory,c=US") or that you are not accessing
the directory in a manner consistent with the ACLs.
Is this your only ACL? If not, provide the complete list.
>When I type "defaultaccess none" above the access clause, all searches
Duplicate the problem using ldapsearch. Post a copy of the exact
command line issued and the results.
You might also peek at the log files to see if they offer any hints.
You might enable ARGS, TRACE, and ACL debugging as well. This will
generate a huge amount of output.
>I would like to set defaultaccess to none and only allow otherwise.
I strongly recommend "defaultaccess none". Besides being a
sane default, it offers forward compatibility with future versions
Kurt D. Zeilenga <email@example.com>
Net Boolean Incorporated <http://www.boolean.net/>
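
The evaluation order discussed in this message, as a simplified model (an added example, not part of the original post and not slapd's own code). It assumes case-insensitive regex matching, an empty string as the anonymous bind DN, and denial when no "by" clause matches; the sample DNs are constructed.

```python
import re

# ACL from the thread: (target DN regex, [(requester DN regex or "*", access), ...])
SUFFIX = r".*,o=Los Alamos National Laboratory,c=US"
ACLS = [
    (SUFFIX, [
        (r"^$$", "none"),   # anonymous bind, i.e. empty DN
        (SUFFIX, "read"),   # anyone bound under the organisation
        ("*", "none"),      # everyone else
    ]),
]

def matches(pattern, dn):
    # "*" matches any DN; otherwise a regex (case-insensitive is a model assumption)
    return pattern == "*" or re.search(pattern, dn, re.IGNORECASE) is not None

def evaluate(acls, default_access, target_dn, bind_dn):
    """Return (access, rule that decided it) for one request."""
    for what, by_clauses in acls:
        if not matches(what, target_dn):
            continue                      # try the next "access to" clause
        for who, access in by_clauses:    # first matching "by" wins
            if matches(who, bind_dn):
                return access, f"access to {what} by {who}"
        return "none", f"access to {what}: no by clause matched (assumed deny)"
    # No "access to" clause matched the target: the implicit last ACL applies
    return default_access, "access to * by * default"

if __name__ == "__main__":
    inside = "cn=Some User,o=Los Alamos National Laboratory,c=US"   # constructed
    outside = "cn=Some User,o=LANL,c=US"                            # constructed
    for default in ("read", "none"):
        for target in (inside, outside):
            for bind in ("", inside):
                access, rule = evaluate(ACLS, default, target, bind)
                print(f"default={default:4} target={target!r} "
                      f"bind={bind!r} -> {access} [{rule}]")
```
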