

Order of access directives (and by clauses with them) matters...
Your first ACL matches everything under and including o=Right Vision.
The second ACL attempts to match userPassword under what's already been controlled. Swap the order.


At 03:45 PM 12/1/99 CET, Fabrice Nouet wrote:
>Hello All,
>I still have a problem with ACL:
>My first line is:
>access to dn=".*o=Right Vision" by dn="cn=Fabrice,ou=Admin,o=Right Vision" 
>My second line is:
>access to dn=".*ou=User,o=Right vision" attr=userpassword
>by dn="cn=Thierry,ou=Admin,o=Right Vision" read by * none
>I am waiting for the following result:
>- Fabrice has all access to write to all my OpenLDAP base
>- Thierry can read all entries below ou=User,o=Right Vision
>- The other users read all entries but not the userpassword attribute below 
>ou=User,o=Right Vision
>The second line (ACI) is not functioning, but when I delete my first line 
>(without Fabrice's access) it is functioning well.
>I do not understand what is wrong in my slapd.conf?
>Could someone help me to resolve this problem?
>Thanks in advance,

Kurt D. Zeilenga		<kurt@boolean.net>
Net Boolean Incorporated	<http://www.boolean.net/>
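
The evaluation order described in the reply above, as an added example that is not part of the original thread and is not OpenLDAP code: a simplified Python model of first-match ACL evaluation, applied to the two directives from the question. The `write` level for Fabrice, the sample entry DN, case-insensitive matching and the `none` default are assumptions.

```python
import re

# Simplified model of slapd's ACL evaluation (an illustrative sketch, not
# OpenLDAP code): the first "access to" whose <what> matches decides, and
# within it the first matching "by" clause decides.
FABRICE = "cn=Fabrice,ou=Admin,o=Right Vision"
THIERRY = "cn=Thierry,ou=Admin,o=Right Vision"

# Each ACL: (dn regex, attribute or None for all, [(who, level), ...]).
# "write" for Fabrice is assumed from the poster's stated goal.
ACL_ALL = (r".*o=Right Vision", None, [(FABRICE, "write")])
ACL_PW = (r".*ou=User,o=Right vision", "userpassword",
          [(THIERRY, "read"), ("*", "none")])


def evaluate(acls, bind_dn, entry_dn, attr, default="none"):
    """Return (index of deciding ACL or None, access level granted)."""
    for i, (dn_re, acl_attr, by_clauses) in enumerate(acls):
        if not re.search(dn_re, entry_dn, re.IGNORECASE):
            continue
        if acl_attr is not None and acl_attr != attr.lower():
            continue
        # This directive matched: later directives are never consulted.
        for who, level in by_clauses:
            if who == "*" or who.lower() == bind_dn.lower():
                return i, level
        return i, "none"  # matched the <what> but no "by" clause applies
    return None, default  # no directive matched; server default (assumed)


ENTRY = "uid=jdoe,ou=User,o=Right Vision"  # constructed sample entry
AS_POSTED = [ACL_ALL, ACL_PW]
SWAPPED = [ACL_PW, ACL_ALL]

if __name__ == "__main__":
    for name, acls in (("as posted", AS_POSTED), ("swapped", SWAPPED)):
        for who in (FABRICE, THIERRY):
            idx, level = evaluate(acls, who, ENTRY, "userPassword")
            print(f"{name:9} {who.split(',')[0]:10} -> ACL #{idx}: {level}")
```

After the swap, the model also shows Fabrice receiving `none` on userPassword under ou=User, because the userPassword directive names only Thierry before `by * none`.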