Re: An Other Access Control Question...

i think i know what you're asking....  anyway, the way i have my acls set up,
for example, is:

# set default access control to read only
defaultaccess read

# for the userpassword attribute, let only the user and the administrator read
# and/or modify it.  other users can only perform a compare.
access to attr=userpassword
        by self write
        by dn="cn=admin, o=my org, c=AU" write
        by * compare

# for all other attributes, again let the user and administrator modify, and
# everyone can read.
access to *
        by self write
        by dn="cn=admin, o=my org, c=AU" write
        by * read

matching on "self" is a wildcard for the person logging in.  so you don't
need to add new acls for each new person.

if, on the other hand, you were asking how you can change these controls
without restarting slapd, then i can't help you.

"Rouviere, Stephane" wrote:

> Hello,
> I have recently installed and configured LDAP (OpenLDAP) but I have a
> question.
> I saw that it is very easy to add a person in a ldap tree (using the ldapadd
> command for example).
> Usually, the access rights for a person are declared in the slapd.conf which
> is read at the start of the ldap server daemon.
> But, how can I configure specific access right for a new person without
> restarting the ldap server?
> Thanks in advance for your help
> Stephane
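
The first-match evaluation behind the ACLs in the reply, as an added example that is not part of the original post and is not OpenLDAP code: it models how slapd picks the first matching "access to" directive and then the first matching "by" clause, so a newly added entry is covered by "self" without any new rule. The user DNs are constructed, and DN comparison is simplified to trimming and lowercasing each RDN (an assumption).

```python
# Simplified model of slapd access evaluation (illustration only).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # each implies the ones before it

ADMIN = "cn=admin, o=my org, c=AU"        # admin DN from the post
NEW_USER = "cn=new user, o=my org, c=AU"  # constructed: entry added later with ldapadd
OTHER = "cn=other user, o=my org, c=AU"   # constructed: some other entry

# (what, [(who, level), ...]) in the order the directives appear in the post
ACLS = [
    ("userpassword", [("self", "write"), (ADMIN, "write"), ("*", "compare")]),
    ("*",            [("self", "write"), (ADMIN, "write"), ("*", "read")]),
]
DEFAULT_ACCESS = "read"  # "defaultaccess read": used only when no directive matches


def norm(dn):
    """Crude DN normalisation (assumption): trim each RDN and lowercase."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def who_matches(who, bind_dn, entry_dn):
    if who == "*":
        return True                      # anyone, including anonymous (bind_dn None)
    if bind_dn is None:
        return False
    target = entry_dn if who == "self" else who
    return norm(bind_dn) == norm(target)


def granted(bind_dn, entry_dn, attr):
    """Level granted by the first matching <what>, then the first matching <who>."""
    for what, clauses in ACLS:
        if what not in ("*", attr.lower()):
            continue
        for who, level in clauses:
            if who_matches(who, bind_dn, entry_dn):
                return level
        return "none"                    # directive matched, no <who> did: implicit "by * none"
    return DEFAULT_ACCESS


def allowed(bind_dn, entry_dn, attr, wanted):
    return LEVELS.index(granted(bind_dn, entry_dn, attr)) >= LEVELS.index(wanted)


if __name__ == "__main__":
    for who in (NEW_USER, OTHER, ADMIN, None):
        print(who, "->", granted(who, NEW_USER, "userPassword"), "on userPassword of", NEW_USER)
```

Note that "by * compare" also matches an unauthenticated bind, so anonymous clients can test password guesses against userpassword under these rules.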