[Date Prev][Date Next] [Chronological] [Thread] [Top]

Fwd: Newbie ACL questions

Hi All,

After collecting lots of information, I'm now busy populating an
OpenLDAP 2.0.21 server. With it, the need for ACLs is growing.

I've read the Admin guide, I also found several related messages in the
mailing archive, but somehow I don't get quite the wanted result.

As I experience, ACL works as follows:

1) The ACL-lines are processed in order
2) If the <what> clause matches, rules are applied
3) No more ACL lines are processed!!

This is what I want, and what ACLs I've put together:

I do want users to access their own entry, and entries which has their
db in the attribute 'owner', but they are not allowed to browse the tree

access to *
	by self read
	by anonymous auth

I do want to authenticate against LDAP, but I don't want anonymous
read access to the tree.

access to dn="" 
	by anonymous auth

However, my authenticated users can't get any ainfo any more!

Final question:

How do I obtain my own entry? A simple filter like:

dn="cn=my name,ou=people,dc=wiwo,dc=nl" returns 0 hits

I'm sure there is a simple way to do this, but it's so simple it isn't
mentioned anywhere in the docs (or I just overlooked...)

Can anyone help?



ing. Marcel van Dorp (CCDP, CCNP+security)   http://www.wiwo.nl
WiWo Support                                 tel. 071-523 77 91
Postbus 1098                                 fax  071-523 77 94
2340 BB Oegstgeest                           gsm  0653-50 77 76