
Re: ACL issues

John Madden wrote:

I've been fighting with ACLs for about a week now, and I've gotten
nowhere with them.

Join the club!! I just got through a heavy wrestling match with slapd
ACLs, and it was all due to replication issues!!!!

 access to *
   by self write
   by users read

I think anonymous needs "auth" access to *??
access to *
   by self write
   by anonymous auth
   by users read

However, this ACL actually doesn't allow a successfully-authenticated dn
to write to his own entry at all, and I can't figure out why. What's even
more odd is that he *can* read his own userPassword attribute and no one
else's, leading me to assume that they're at least working partially. I
guess that makes the situation even more puzzling. Any ideas?

What happens when you try to modify your own record? Is it "insufficient access",
"No such object" ...?

I'll have follow-up questions (I can't get 'access to dn.subtree' to work
either), but I guess this would be a better place to start...

I've got a working dn.subtree (finally) :)
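
Added example, not part of the original messages and not OpenLDAP code: a simplified Python model of how slapd picks an access level from the "by" clauses of one "access to *" directive (first matching clause wins, with an implicit "by * none" at the end). It shows what the two rule sets quoted in this thread grant to an unauthenticated client, which is the identity slapd uses when it checks the password during a simple bind. The DNs are constructed, and DN comparison is reduced to a case-insensitive string match.

```python
# Simplified model of slapd "by" clause evaluation (illustration only).
# Access levels in increasing order; each level implies the ones before it.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def who_matches(who, bound_dn, entry_dn):
    """Does the <who> keyword match a client bound as bound_dn (None = anonymous)?"""
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if who == "users":
        return bound_dn is not None
    if who == "self":
        # Assumption: real slapd compares normalized DNs; this is a plain string match.
        return bound_dn is not None and bound_dn.lower() == entry_dn.lower()
    raise ValueError("unsupported <who> in this model: " + who)

def granted_level(by_clauses, bound_dn, entry_dn):
    """Return the level of the first matching clause; fall through to 'by * none'."""
    for who, level in list(by_clauses) + [("*", "none")]:
        if who_matches(who, bound_dn, entry_dn):
            return level

def allows(by_clauses, bound_dn, entry_dn, wanted):
    """True if the granted level is at least the wanted level."""
    granted = granted_level(by_clauses, bound_dn, entry_dn)
    return LEVELS.index(granted) >= LEVELS.index(wanted)

# The two rule sets from the thread, both under "access to *".
ORIGINAL = [("self", "write"), ("users", "read")]
SUGGESTED = [("self", "write"), ("anonymous", "auth"), ("users", "read")]

# Constructed sample DNs.
ALICE = "uid=alice,ou=people,dc=example,dc=com"
BOB = "uid=bob,ou=people,dc=example,dc=com"

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name)
        print("  anonymous on alice:", granted_level(acl, None, ALICE))
        print("  alice on alice:    ", granted_level(acl, ALICE, ALICE))
        print("  bob on alice:      ", granted_level(acl, BOB, ALICE))
```

In this model both rule sets give a bound user "write" on their own entry, so the write failure described in the thread is not explained by clause order within this one directive.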