[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: PAM-Authentication / ACL

fre, 2002-08-30 kl. 10:13 skrev Jan-Philipp Mayer:

> If I set my ACL to "access to * by * read" it works but with 

> access to attr=userPassword
>         by self write
>         by anonymous auth
>         by dn="cn=Manager,dc=mrball,dc=net" write
>         by * none

> access to attr=dn,objectclass,loginShell,objectClass,o,entry,uidNumber,gidNumber,dc,uid
>         by anonymous read
>         by * read

> access to *
>         by self read
>         by users read
>         by anonymous auth

B: is fine, and what I myself have - more or less, since Manager's not
allowed a even sniff in anything of mine.

An awful lot of what you've got in C: just doesn't make sense. A number
of the attributes won't work if you deny them and others aren't even
attributes. Read the "access to" line again thoroughly and with a bit of
luck you'll see why.

Rewrite C: adding one attribute at a time and restart slapd until what
you want doesn't work any more. Delete "by anonymous read" and keep "by
* read". For example, obviously nothing in C: will work if you exclude
"dn" as "attribute" (which it isn't, it's the dn!), so start thinking

Change D: to "by * read", until C: works.




Tony Earnshaw

The usefulness of RTFM is vastly overrated.

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
gpg public key:	http://www.billy.demon.nl/tonni.armor

Telefoon:	(+31) (0)172 530428
Mobiel:		(+31) (0)6 51153356

GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981

Attachment: signature.asc
Description: Dette er en digitalt signert meldingsdel