[Date Prev][Date Next]
Order of access directives (and by clauses with them) matters...
your first ACL matches everything under and including o=Right Vision.
The second ACL attempts to match userPassword under what's already been controlled. Swap the order.
At 03:45 PM 12/1/99 CET, Fabrice Nouet wrote:
>I still have a problem with ACL:
>My first line is:
>access to dn=".*o=Right Vision" by dn="cn=Fabrice,ou=Admin,o=Right Vision"
>My second line is:
>access to dn=".*ou=User,o=Right vision" attr=userpassword
>by dn="cn=Thierry,ou=Admin,o=Right Vision" read by * none
>I am waiting for the following result:
>- Fabrice has all access to write to all my openLdap base
>- Thierry can read all entries below ou=User,o=Right Vision
>- The other users read all entries but not the userpassword attribut below
>The second line (ACI) is not functionning, but when I delete my first line
>(without the Fabrice's access) it is well functionning.
>I do not understand what is wrong in my slapd.conf ?
>Could someone help me to resolve this problem ?
>Thanks in advance,
>Get Your Private, Free Email at http://www.hotmail.com
Kurt D. Zeilenga <email@example.com>
Net Boolean Incorporated <http://www.boolean.net/>
- From: "Fabrice Nouet" <firstname.lastname@example.org>