[Date Prev][Date Next]
Re: ACL problem with userPassword
At 01:10 PM 11/19/99 -0500, Kevin Myer wrote:
>Ok, something is majorly not clicking with my synapses today. I pretty
>much understand the idea behind the way that slapd interprets ACL (I
>think). I've tried a bunch of different combos and read what many people
>have had to say in the mailing list archives about ACL. I understand that
>defaultaccess is read and that the rootdn account has write access. So
>the simple question is: what ACL do I need to give myself, binding as a
>non rootdn account, write access?
When mucky with ACLs, the very first you should do is:
>I thought the following would do it:
>access to *
>by self write
>by * read
An ACL is a single configuration directive. If you continue
it across multiple lines you must indicate that the lines are
contituations. Leading whitespace is used to indicate that
the line is a continuation of the previous line.
>If I understand ACL right, the first line should allow access to
>everything in the entire directory tree, the second line should allow
>myself write access (after I've bound myself) and the third line should
>give everyone else read access.
Assuming you have white space in front to the "by ..." lines, yes.
Otherwise you have a syntax error.
>Where is the error in my logic here? I simply can't figure out what else
>I need. That _should_ be enough shouldn't it? But without fail, I keep
>getting send_ldap_result 50:: in my logs :(
First, make sure you don't have any syntax errors reported in your
logs. Second, post a complete list of ACLs exactly as they
appear in your slapd.conf file.
Kurt D. Zeilenga <email@example.com>
Net Boolean Incorporated <http://www.boolean.net/>