
Re: acl question



Thanks for the info.  I hadn't looked at the administrator guide because I thought that it was only for the OpenLDAP 2.x series, but I take it the way ACLs are handled between the 2 versions hasn't changed?

Dan

Adam Shand wrote:

> I need to setup an acl where a specific user has write access to a
> particular ou and everything below it.  What I have tried to do is
> this:

acl's are parsed from most specific to least specific in two ways.  the
first "access to" that matches is the one that is used and then down the
list of "by X blah" the first one that matches is used.

> # access levels
> defaultaccess read
>
> access to * by dn="cn=manager,o=contacts.company.net" write

so this is the only acl that will be parsed because "access to *" matches
everything.  the lower acls will never be read.

read the section on acl's in the admin guide and there is a good bit in
the developers section of the faq-o-matic as well.

adam.

-- 
Daniell Freed
Computer Services
Dewitt, Ross, & Stevens S.C.

He who fights with monsters might take care 
lest he thereby become a monster. 
And if you gaze for long into an abyss, 
the abyss gazes also into you.

Beyond Good and Evil
Friedrich Wilhelm Nietzsche
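
The first-match evaluation described in Adam's reply above, as an added Python example that is not part of the original messages and is not slapd's own code. It models only `*` and subtree matching; the `ou=people` subtree, the `uid=editor` user and every rule after the first `access to *` are constructed for illustration.

```python
# Simplified model of slapd ACL selection (illustration only, not slapd code).
# A rule is (what, [(who, level), ...]).
#   what: "*" or a DN meaning "this entry and everything below it"
#   who:  "*" or an exact bind DN
BASE = "o=contacts.company.net"      # suffix from the thread
MANAGER = "cn=manager," + BASE       # DN from the thread
OU = "ou=people," + BASE             # constructed subtree
EDITOR = "uid=editor," + OU          # constructed user
DEFAULT_ACCESS = "read"              # "defaultaccess read" from the thread

def what_matches(what, entry_dn):
    w, e = what.lower(), entry_dn.lower()
    return what == "*" or e == w or e.endswith("," + w)

def who_matches(who, bind_dn):
    return who == "*" or who.lower() == bind_dn.lower()

def evaluate(rules, bind_dn, entry_dn):
    """Return (index of the 'access to' that was used, level granted)."""
    for i, (what, by_clauses) in enumerate(rules):
        if what_matches(what, entry_dn):        # first matching "access to" wins
            for who, level in by_clauses:
                if who_matches(who, bind_dn):   # first matching "by" wins
                    return i, level
            # Assumption: modelled on OpenLDAP 2.x's implicit "by * none".
            return i, "none"
    return None, DEFAULT_ACCESS                 # no "access to" matched at all

def shadowed(rules):
    """Indexes of rules that can never be selected: an earlier 'what' covers them."""
    return [j for j, (w, _) in enumerate(rules)
            if any(what_matches(earlier, w) for earlier, _ in rules[:j])]

# Ordering from the question: the catch-all comes first.
BROAD_FIRST = [
    ("*", [(MANAGER, "write")]),
    (OU,  [(EDITOR, "write"), ("*", "read")]),
]
# Reordered: most specific "access to" first, catch-all last.
SPECIFIC_FIRST = [
    (OU,  [(MANAGER, "write"), (EDITOR, "write"), ("*", "read")]),
    ("*", [(MANAGER, "write"), ("*", "read")]),
]
TARGET = "cn=Some Person," + OU      # constructed entry under the ou

if __name__ == "__main__":
    for name, rules in (("broad first", BROAD_FIRST), ("specific first", SPECIFIC_FIRST)):
        print(name, evaluate(rules, EDITOR, TARGET), "shadowed:", shadowed(rules))
```

Running `shadowed()` over a parsed rule list before deploying a config change flags any `access to` line that an earlier, broader one makes unreachable.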