[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL problem with userPassword

At 01:10 PM 11/19/99 -0500, Kevin Myer wrote:
>Ok, something is majorly not clicking with my synapses today.  I pretty
>much understand the idea behind the way that slapd interprets ACL (I
>think).  I've tried a bunch of different combos and read what many people
>have had to say in the mailing list archives about ACL.  I understand that
>defaultaccess is read and that the rootdn account has write access.  So
>the simple question is:  what ACL do I need to give myself, binding as a
>non rootdn account, write access?

When mucky with ACLs, the very first you should do is:

defaultaccess none

>I thought the following would do it:
>access to *
>by self write
>by * read

An ACL is a single configuration directive.  If you continue
it across multiple lines you must indicate that the lines are
contituations.  Leading whitespace is used to indicate that
the line is a continuation of the previous line.

>If I understand ACL right, the first line should allow access to
>everything in the entire directory tree, the second line should allow
>myself write access (after I've bound myself) and the third line should
>give everyone else read access.

Assuming you have white space in front to the "by ..." lines, yes.
Otherwise you have a syntax error.

>Where is the error in my logic here?  I simply can't figure out what else
>I need.  That _should_ be enough shouldn't it?  But without fail, I keep
>getting send_ldap_result 50:: in my logs :(

First, make sure you don't have any syntax errors reported in your
logs.  Second, post a complete list of ACLs exactly as they
appear in your slapd.conf file.

Kurt D. Zeilenga		<kurt@boolean.net>
Net Boolean Incorporated	<http://www.boolean.net/>