
Re: ACL issue with dnattr



A little more clarification.

a) The owners are set on children of ou=exampleGroups, not on the OU entry.
b) I cannot remove a child entry when bound with the DN (as stored in owner) for that child entry.


Michael Donnelly wrote:

I've included the following ACL into my slapd.conf file.

access to dn=".*,ou=exampleGroups,dc=([^,]+),dc=([^,]+)"
       by dnattr=owner write
       by * read

access to dn="ou=exampleGroups,dc=([^,]+),dc=([^,]+)"
       by dnattr=owner write
       by * read


With this, I've found no problems editing an existing entry under ou=exampleGroups,dc=foobar,dc=com when bound with the DN of an owner. (No other ACL grants the bound connection any rights other than read.)


However, I am unable to delete the entry when bound as the owner. I'm running OpenLDAP 2.0.23.

Is this a bug?
Is there a work-around?