[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd: access control

To: "Trapp, Michael" <michael.trapp@sap.com>
Subject: Re: slapd: access control
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 21 Jul 2000 10:34:13 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <C59F2D5004BDD311BEC500508B6FF2AD4B1D35@dewdfx16>

At 02:51 PM 7/21/00 +0200, Trapp, Michael wrote:
>hi,
>
>i've some problems with the access section in the slapd.conf file.
>
>...
>access to dn='uid=.*, ou=people, o=test' attrs=password
>        by dn='cn=rwpwd, ou=people, o=test" write
>access to dn='uid=.*, ou=people, o=test' attrs=password
>        by dn='cn=ropwd, ou=people, o=test" read
>...


If ever the first ACL matched, which it won't, the second would
never used as the first matched.  You need to:
        1) write regex which match normalized DN
        2) combine the by clauses

That is:

access to dn='uid=.*,ou=people,o=test' attrs=password
        by dn='cn=rwpwd,ou=people,o=test" write
        by dn='cn=ropwd,ou=people,o=test" read


See FAQ and archives for further discussion and archives.

References:
- slapd: access control
  - From: "Trapp, Michael" <michael.trapp@sap.com>

Prev by Date: Re: ever-mounting frustration
Next by Date: stop the presses, IT WORKED!
Index(es):
- Chronological
- Thread