Re: Bind/Ldappasswd

On Tuesday, 13. November 2001 05:14, Lee Hoffman wrote:
> Hey All,
> I seem to be having a problem with binding and userPasswords. I have two
> admin users (admin1 and admin2) that I want to be able to search and
> write to the directory. I then have a bunch of other users that I just
> want to be able to bind to the server (I'm using cyrus with PAM-LDAP).

> # Define global ACLs to disable default read access.
> defaultaccess auth
> # Users Modify Their Information
> access to * by self write
> # Software Access
> access to * by dn="uid=admin1,ou=users,dc=mydomain,dc=com" write
> access to * by dn="uid=admin2,ou=users,dc=mydomain,dc=com" read
> access to * by * auth


most probably you want:

access to * by self write
            by dn="uid=admin1,ou=users,dc=mydomain,dc=com" write
            by dn="uid=admin2,ou=users,dc=mydomain,dc=com" read
            by * auth

Access control is always evaluated from the beginning to the first match.
"access to * by self write" means that access is only granted to self, all 
other objects won't get any access at all. There is a section in the admin 
guide and in the FAQ about this issue.

Stephan Siano

Stephan Siano                           Mail:  Stephan.Siano@suse.de
SuSE Linux Solutions AG                 Phone: 06196 50951 31
Mergenthalerallee 45-47			Fax:   06196 409607
D-65760 Eschborn
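
The first-match behaviour described in the reply, as an added example that is not part of the original message and is not OpenLDAP code: a simplified Python model of how slapd picks an access level, run against the posted ACL and the suggested one. The function names and the uid=lee entry are constructed for illustration; only "access to *" directives and exact DN matches are modelled.

```python
# Simplified model of slapd ACL evaluation (illustration, not OpenLDAP code).
ADMIN1 = "uid=admin1,ou=users,dc=mydomain,dc=com"
ADMIN2 = "uid=admin2,ou=users,dc=mydomain,dc=com"
USER = "uid=lee,ou=users,dc=mydomain,dc=com"  # constructed sample entry
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# Each directive is (<what>, [(<who>, <level>), ...]).
ORIGINAL = [  # four separate directives, as posted
    ("*", [("self", "write")]),
    ("*", [(ADMIN1, "write")]),
    ("*", [(ADMIN2, "read")]),
    ("*", [("*", "auth")]),
]
CORRECTED = [  # one directive with four "by" clauses, as suggested
    ("*", [("self", "write"), (ADMIN1, "write"),
           (ADMIN2, "read"), ("*", "auth")]),
]

def who_matches(who, requester, target):
    """requester is the bound DN, or None for an anonymous connection."""
    if who == "*":
        return True
    if who == "self":
        return requester is not None and requester == target
    return requester == who

def granted_level(acl, requester, target, default="auth"):
    """Return the access level slapd would grant under this model."""
    for what, by_clauses in acl:
        if what != "*":
            continue  # other <what> selectors are not modelled here
        # The first directive whose <what> matches is the only one used.
        for who, level in by_clauses:
            if who_matches(who, requester, target):
                return level
        return "none"  # every directive ends with an implicit "by * none"
    return default  # defaultaccess applies only if no directive matched

def allowed(acl, requester, target, wanted):
    have = granted_level(acl, requester, target)
    return LEVELS.index(have) >= LEVELS.index(wanted)

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("corrected", CORRECTED)):
        print(name,
              "anonymous bind:", granted_level(acl, None, USER),
              "| admin1:", granted_level(acl, ADMIN1, USER),
              "| admin2:", granted_level(acl, ADMIN2, USER))
```

With the posted ACL, only the first directive is ever consulted, so an anonymous connection never gets the auth access to userPassword that a simple bind needs, and the three directives after it are dead configuration.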