[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: Insufficient access ??

I'm using the global ACL, I don't know how puting local acl, but none are


-----Original Message-----
From: ando@core2.bci.it [mailto:ando@core2.bci.it]On Behalf Of
Pierangelo Masarati
Sent: Tuesday, October 24, 2000 12:17 PM
To: De Leeuw guy
Subject: Re: Insufficient access ??

De Leeuw guy wrote:

> Hi all,
> Here is the acl extract of my slapd.conf :
> ==========================================
> # Define global ACLs to disable default read access.
> defaultaccess none
> access to attr=userPassword
>         by self write
>         by anonymous auth
>         by * none
> access to *
>     by dn="cn=De Leeuw Guy, br=Internal, o=Eurofer, c=be" write
>     by self write
>     by * read
> =========================================
> when I'm connected with the dn="cn=Katsiboubas Angélique, br=Internal,
> o=Eurofer, c=be"
> it's impossible to create or modify an entry.
> Why ?

Did you put the "access to " directives in the global scope, or in a
database scope? I'm not sure, but in OpenLDAP2 global scope ACLs should
be overridden by local directives, and "defaultaccess none" means local
are VERY restrictive, so they override the global writing permissions may
trying to give.

Bye, Pierangelo.