[Date Prev][Date Next]
On Tuesday, 13. November 2001 05:14, Lee Hoffman wrote:
> Hey All,
> I seem to be having a problem is binding and userPasswords. I have two
> admin users (admin1 and admin2) that I want to be able to search and
> write to the directory. I then have a bunch of other users that I just
> want to be able to bind to the server (Im using cyrus with PAM-LDAP).
> # Define global ACLs to disable default read access.
> defaultaccess auth
> # Users Modify Thier Information
> access to * by self write
> # Software Access
> access to * by dn="uid=admin1,ou=users,dc=mydomain,dc=com" write
> access to * by dn="uid=admin2,ou=users,dc=mydomain,dc=com" read
> access to * by * auth
most probably you want:
access to * by self write
by dn="uid=admin1,ou=users,dc=mydomain,dc=com" write
by dn="uid=admin2,ou=users,dc=mydomain,dc=com" read
by * auth
access control is always eveluated from the beginning to the first match.
"access to * by self write" means that access is only granted to self, all
other objects won't get any access at all. There is a section in the admin
guide and in the FAQ about this issue.
Stephan Siano Mail: Stephan.Siano@suse.de
SuSE Linux Solutions AG Phone: 06196 50951 31
Mergenthalerallee 45-47 Fax: 06196 409607