
Re: access priv help



Take another look at the examples in the admin guide:
http://www.openldap.org/doc/admin/slapdconfig.html#Access%20Control

You should notice that your line 'access to dn="ou=Employees,o=GBB,c=US"' is
not correct; you need wildcards, as in either:

access to dn="(.*,)?dc=example,dc=com"

or, even easier, if you don't have varying levels of access under your
different OUs:

access to *

The configuration file example at the link above sounds like *almost* what
you want to do.


> From: "Mike Coughlan" <mcoughlan@gothambroadband.com>
> Reply-To: <mcoughlan@gothambroadband.com>
> Date: Fri, 20 Apr 2001 17:45:33 -0400
> To: <OpenLDAP-software@OpenLDAP.org>
> Subject: access priv help
> 
> Can someone please assist me on setting granular access privs?  I've read
> the admin guide and searched the lists, but still need help.
> 
> Versions
> Red Hat 6.2
> openldap-1.2.9-6
> openldap-devel-1.2.9-6
> 
> I have a classic OrgUnit, ou=Employees,o=GBB,c=US.  I would like to give
> everyone write permissions to self, read permissions on cn, username,
> telephonenumber etc. and no permissions on hometelephonenumber.  Basically I
> would like some attributes private, most public, and authentication
> possible against attributes username & userpassword.
> 
> If someone can mail me a similar slapd.conf as an example that would be
> great. Here was my attempt:
> 
> access to dn="ou=Employees,o=GBB,c=US"
> by dn="cn=Admin,o=GBB,c=US" write
> by * search
> by self write
> 
> access to  dn="ou=Employees,o=GBB,c=US"
> attr=mail,telephonenumber,cn,username
> by * read
> 
> 
>
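An added example, not part of either message: one possible set of slapd.conf access rules for the request quoted above, written in the syntax of the admin guide the reply links to. slapd stops at the first `access to` clause that matches and, within it, at the first `by` clause that matches, so the narrow rules and `by self` come first. Assumptions: the owner may still edit the private attribute, and `by anonymous auth` (as used in that guide's examples) is available in the installed version, which may not hold for the 1.2.9 packages listed.

```conf
# Added example, not from the thread. Attribute names are the ones
# used in the original question.

# 1. Password: the owner may change it, unauthenticated clients may only
#    bind against it, and nobody else can read or compare it.
access to dn="(.*,)?ou=Employees,o=GBB,c=US" attr=userPassword
    by dn="cn=Admin,o=GBB,c=US" write
    by self write
    by anonymous auth
    by * none

# 2. Private attribute: hidden from everyone except the entry's owner
#    and the admin. (Owner write access here is an assumption.)
access to dn="(.*,)?ou=Employees,o=GBB,c=US" attr=hometelephonenumber
    by dn="cn=Admin,o=GBB,c=US" write
    by self write
    by * none

# 3. Everything else under the OU (cn, username, mail, telephonenumber):
#    the owner can write, everyone else can read. "by self" must come
#    before "by *", otherwise the "*" clause matches first and the
#    owner never gets write access.
access to dn="(.*,)?ou=Employees,o=GBB,c=US"
    by dn="cn=Admin,o=GBB,c=US" write
    by self write
    by * read
```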