[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: access control help

Subject: Re: access control help
From: Peter Lüders <pe7@gmx.de>
Date: Thu, 21 Jun 2001 19:26:53 +0200
Cc: openldap-software@OpenLDAP.org
References: <2397273.3201712018@alyon-101-1-2-25.abo.wanadoo.fr> <3B2CF435.847BD35C@gmx.de> <3B2DB38C.1000201@infonova.at>

many many thanks !!! now it works. im very glad :)

cheers
p.lüders


Tiefnig Daniel wrote:

> David Olivier some time wrote:
>  >> access to attr=userPassword
>  >> by self write
>  >> by anonymous auth
>  >> by dn="cn=Admin,dc=orderrace,dc=com" write
>  >> by * none
>  >> access to dn.regex=".*,cn=(.*),dc=orderrace,dc=com"
>  >> by dn.regex=".*,cn=$1,dc=orderrace,dc=com" write
>  >> by * none
>
> i guess, your user will have a problem here reading it's own entry.
> (when specifying '.*,cn=(.*)') try to leave the ',' away in the regex
> and you should get access to the entry itself too, not only the subtree:
>
> access to dn.regex=".*cn=(.*),dc=orderrace,dc=com"
>    by dn.regex="cn=$1,dc=orderrace,dc=com" write
>    by * none
>
> this gives your 'cn=<something>,dc=orderrace,dc=com'-users write access
> to "their" subtree. if you want to allow subtree entries also to write
> the subtree, add a '.*' in front of the second dn.regex too.
>
> not sure wether this works, but it looks logical to me..
>
> daniel
>

--
(((http://jzone.de)))

References:
- Re: access control help
  - From: David Olivier <David.Olivier@univ-lyon2.fr>
- Re: access control help
  - From: Peter Lüders <pe7@gmx.de>
- Re: access control help
  - From: "Tiefnig Daniel" <daniel.tiefnig@infonova.at>

Prev by Date: Re: password exop and encrypted passwords
Next by Date: Re: mailacceptinggeneralid in OpenLDAP-2.0.11
Index(es):
- Chronological
- Thread