Re: Fwd: Newbie ACL questions

On Tuesday, 26. February 2002 10:19, marcel@wiwo.nl wrote:

> This is what I want, and what ACLs I've put together:
> I do want users to access their own entry, and entries which has their
> db in the attribute 'owner', but they are not allowed to browse the tree
> access to *
> 	by self read
> 	by anonymous auth
> I do want to authenticate against LDAP, but I don't want anonymous
> read access to the tree.
> access to dn=""
> 	by anonymous auth
> However, my authenticated users can't get any info any more!

Well, that's what your ACLs say. "access to * by anonymous auth" means that 
only anonymous users can authenticate; reauthentication is not possible. If 
you want that, you need "access to * by * auth".

> Final question:
> How do I obtain my own entry? A simple filter like:
> dn="cn=my name,ou=people,dc=wiwo,dc=nl" returns 0 hits

Your ACLs don't permit browsing the tree (e.g. no user has read access to 
ou=people), so you must enter "cn=my name,ou=people,dc=wiwo,dc=nl" as your 
search base (and e.g. (objectclass=*) as your search filter).

Stephan Siano

Stephan Siano                           Mail:  Stephan.Siano@suse.de
SuSE Linux AG                           Phone: 06196 50951 31
CU PS DU South TCC UC                   Fax:   06196 409607
Mergenthalerallee 45-47
D-65760 Eschborn
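As an added illustration (not configuration from the original thread), here is a slapd.conf ACL set that implements what the poster asked for, with the "by * auth" correction from the reply applied. The suffix dc=wiwo,dc=nl and the attribute name 'owner' are taken from the thread; treating userPassword separately is an assumption added here.

```conf
# Added example, not from the original message. Order matters in slapd:
# the first "access to" clause whose target matches the entry is used, and
# within it the first "by" clause that matches the requester decides.

# Passwords: the entry's owner may change it, anyone may present it in a
# bind (auth), and nobody, not even self, can read it back.
access to attrs=userPassword
        by self write
        by * auth

# Everything else: a bound user may read its own entry and any entry whose
# 'owner' attribute contains the user's DN (dnattr=owner). Everyone else,
# anonymous included, gets "auth" only, so binds succeed but the tree
# cannot be browsed. "by * auth" instead of "by anonymous auth" is what
# allows an already bound connection to bind again, as the reply explains.
access to *
        by self read
        by dnattr=owner read
        by * auth
```

Because nothing grants read on ou=people, a subtree search from there still returns nothing; as the reply says, fetch your own entry with its DN as the search base, e.g. `ldapsearch -x -D "cn=my name,ou=people,dc=wiwo,dc=nl" -W -b "cn=my name,ou=people,dc=wiwo,dc=nl" -s base "(objectclass=*)"`.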