Re: acl usage


Your ACLs seem to be right.  It must be that for some reason the regex 
which you specified does not match and therefore the last ACL is used.  A 
typo somewhere?  Try running the server with loglevel set for ACL 
processing (128) and see what happens.  BTW, your users are not able to 
read their records either.  I suppose you should insert "by self read" in 
the second ACL.  Also, perhaps the last ACL is too open.  It is not 
considered to be a good practice to allow access "to everything else".  Of 
course, this depends on your needs.



Harry Hoffman <h.hoffman@auckland.ac.nz> 
Sent by:        owner-openldap-software@OpenLDAP.org
To:     openldap-software@OpenLDAP.org
Subject:        acl usage

Hi All,
    I'm trying to set up ACLs for our openldap-2 server. The ACLs look 
access to attr=userPassword
        by self write
        by anonymous auth
        by * auth
access to dn=".*,ou=People,o=The University of Auckland,c=NZ"
        by anonymous auth
        by * auth
access to *
        by self write
        by users read
        by * read

I'm trying to set the ACLs so that an anonymous user can authenticate to:
"uid=user,ou=People,o=The University of Auckland,c=NZ"
but not actually read any other attributes from there.
Can anyone tell me what I'm doing wrong?
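To make the reply's diagnosis concrete, here is a small evaluator of slapd's first-match ACL semantics, run over a copy of the three ACLs from the question. It is an added example, not code from either message or from OpenLDAP; the `LEVELS` ordering, the unanchored case-insensitive regex match for `dn=` and the implicit "deny if no `by` clause matches" rule are assumptions about slapd's behaviour, and only `*`, `anonymous`, `users` and `self` are understood as `<who>`.

```python
import re

# Constructed copy of the three ACLs from the question, in slapd.conf syntax.
ACL_TEXT = """
access to attr=userPassword
    by self write
    by anonymous auth
    by * auth
access to dn=".*,ou=People,o=The University of Auckland,c=NZ"
    by anonymous auth
    by * auth
access to *
    by self write
    by users read
    by * read
"""
LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # weakest first; each implies those below

def parse_acls(text):   # -> [(what, [(who, level), ...]), ...] in file order
    acls = []
    for line in text.strip().splitlines():
        tokens = line.split(None, 2)          # "access to <what>"  or  "by <who> <level>"
        if tokens[0] == "access":
            acls.append((tokens[2], []))
        elif tokens[0] == "by":
            acls[-1][1].append((tokens[1], tokens[2]))
    return acls

def what_matches(what, dn, attr):   # does this <what> select attribute `attr` of entry `dn`?
    if what == "*":
        return True
    if what.startswith("attr="):
        return attr.lower() in what[5:].lower().split(",")
    # dn="<regex>": unanchored, case-insensitive search (assumption about slapd's regcomp flags)
    return re.search(what[4:-1], dn, re.IGNORECASE) is not None

def who_matches(who, bind_dn, dn):
    return (who == "*" or (who == "anonymous" and bind_dn is None)
            or (who == "users" and bind_dn is not None) or (who == "self" and bind_dn == dn))

def granted(acls, dn, attr, bind_dn=None):
    # Only the FIRST ACL whose <what> matches is consulted; within it the first matching
    # <who> decides.  No matching <who> means 'none' (assumed implicit "by * none").
    for what, by_clauses in acls:
        if what_matches(what, dn, attr):
            return next((lvl for who, lvl in by_clauses if who_matches(who, bind_dn, dn)), "none")
    return "none"

def can(acls, dn, attr, bind_dn, needed):   # is the granted level at least `needed`?
    return LEVELS.index(granted(acls, dn, attr, bind_dn)) >= LEVELS.index(needed)
```

With the ACLs exactly as posted, an anonymous bind gets only `auth` on the user's other attributes, the user cannot read their own entry, and any entry the regex fails to match falls through to the last ACL's `by * read`, which is the fall-through the reply suspects.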