
Re: acl usage



Hello,

Your ACLs seem to be right.  It must be that for some reason the regex 
which you specified does not match and therefore the last ACL is used.  A 
typo somewhere?  Try running the server with loglevel set for ACL 
processing (128) and see what happens.  BTW, your users are not able to 
read their records either.  I suppose you should insert "by self read" in 
the second ACL.  Also, perhaps the last ACL is too open.  It is not 
considered to be a good practice to allow access "to everything else".  Of 
course, this depends on your needs.

Hth,

Dejan

Please respond to Harry Hoffman <h.hoffman@auckland.ac.nz> 
Sent by:        owner-openldap-software@OpenLDAP.org
To:     openldap-software@OpenLDAP.org
cc: 
Subject:        acl usage


Hi All,
    I'm trying to set up ACLs for our openldap-2 server. The ACLs look like this:
access to attr=userPassword
        by self write
        by anonymous auth
        by * auth
access to dn=".*,ou=People,o=The University of Auckland,c=NZ"
        by anonymous auth
        by * auth
access to *
        by self write
        by users read
        by * read

I'm trying to set the ACLs so that an anonymous user can authenticate to:
"uid=user,ou=People,o=The University of Auckland,c=NZ"
but not actually read any other attributes from there.
Can anyone tell me what I'm doing wrong?

Thanks,
Harry
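An added worked model of how slapd chooses an access level for the three directives Harry posted, following Dejan's explanation (first matching "access to" clause wins, first matching "by" clause inside it decides). This is illustration written for this thread, not slapd's code and not from either poster; it assumes an anonymous requester is represented as None, that dn= patterns are case-insensitive regexes, that no matching clause means no access, and the "ou=Pople" misspelling is a constructed typo to show the fallthrough to the open last ACL.

```python
import re

# slapd privilege ladder: a granted level implies every level below it
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def who_matches(who, requester, target_dn):
    # requester is None for anonymous, otherwise the bound DN
    if who == "anonymous":
        return requester is None
    if who == "users":
        return requester is not None
    if who == "self":
        return requester is not None and requester.lower() == target_dn.lower()
    return who == "*"

def what_matches(what, target_dn, attr):
    if what.startswith("attr="):
        return attr.lower() == what[5:].lower()
    if what.startswith("dn="):  # assumption: dn= is a regex, matched case-insensitively
        return re.search(what[3:], target_dn, re.IGNORECASE) is not None
    return what == "*"

def access_level(acls, requester, target_dn, attr):
    # the first 'access to' clause covering the target wins; inside it the first
    # matching 'by' clause decides; no matching 'by' is an implicit 'by * none'
    for what, by_clauses in acls:
        if what_matches(what, target_dn, attr):
            for who, level in by_clauses:
                if who_matches(who, requester, target_dn):
                    return level
            return "none"
    return "none"

def allows(acls, requester, target_dn, attr, wanted):
    got = access_level(acls, requester, target_dn, attr)
    return LEVELS.index(got) >= LEVELS.index(wanted)

BASE = "ou=People,o=The University of Auckland,c=NZ"
USER = "uid=user," + BASE

def ruleset(people_by, people_dn="dn=.*," + BASE):
    # Harry's three directives, with the second one's 'by' clauses supplied
    return [("attr=userPassword", [("self", "write"), ("anonymous", "auth"), ("*", "auth")]),
            (people_dn, people_by),
            ("*", [("self", "write"), ("users", "read"), ("*", "read")])]

HARRY = ruleset([("anonymous", "auth"), ("*", "auth")])  # as posted
DEJAN = ruleset([("self", "read"), ("anonymous", "auth"), ("*", "auth")])  # "by self read" added
TYPO = ruleset([("anonymous", "auth"), ("*", "auth")], "dn=.*,ou=Pople,o=The University of Auckland,c=NZ")  # constructed typo
```

With the posted rules anonymous gets only auth on the People entries, so the reported read access only appears when the regex fails to match and the last ACL's "by * read" applies; the DEJAN set additionally lets users read their own records.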