
Re: probably simple acl problem

Mon, 2002-11-25 at 13:13, Kuba Leszewski wrote:

> I added some entries to the ldaptree and want to use one of them as a 
> "super-user".
> I mean I want to add more entries authenticating as this user.

I have a "super user", he's called Admin. He's allowed to do everything
but see or touch Manager, who's the real boss.

But he has to authenticate first, obviously. So do:

> access to dn="(.*,)*,dc=mydomain,dc=com"
           by anonymous auth <----
>          by dn="uid=mylogin,ou=People,dc=ce3,dc=pl" write

Then for Manager I have:

access to dn="cn=Manager,dc=mydomain,dc=com"
        by anonymous auth
        by * none

(Because Manager is the person in slapd.conf and he doesn't need any
> access to attr=userPassword
>          by self write
>          by anonymous auth
>          by * none
> access to *
>          by self write
>          by users read

access to * above means to everything else, so your last bit isn't

After this, you can play around with ACLs to your heart's content :-)
It's good fun.




Tony Earnshaw

When all's said and done ...
there's nothing left to say or do.

e-mail:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
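
Added example, not part of the original message and not OpenLDAP code: a simplified Python model of slapd's documented first-match ACL evaluation, showing why the bind fails without "by anonymous auth" and why the Manager rule has to come before the subtree rule. The Admin DN, the rule tuples and the function names are assumptions made for illustration.

```python
import re

LEVELS = ["none", "auth", "compare", "search", "read", "write"]
# Constructed sample DNs, written lowercase so no DN normalisation is needed.
ADMIN = "uid=admin,ou=people,dc=mydomain,dc=com"   # hypothetical super-user
MANAGER = "cn=manager,dc=mydomain,dc=com"

# Each rule: (entry-DN regex, attribute or None for any, [(who, level), ...]).
MANAGER_RULE = (re.escape(MANAGER) + "$", None,
                [("anonymous", "auth"), ("*", "none")])
SUBTREE_RULE = (r"(.+,)?dc=mydomain,dc=com$", None,
                [("anonymous", "auth"), (ADMIN, "write")])
SUBTREE_NO_AUTH = (SUBTREE_RULE[0], None, [(ADMIN, "write")])


def who_matches(who, bound_dn, target_dn):
    """Match a <who> clause; bound_dn is None for an anonymous session."""
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if who == "users":
        return bound_dn is not None
    if who == "self":
        return bound_dn is not None and bound_dn == target_dn
    return bound_dn == who  # anything else is treated as an exact DN


def access(rules, bound_dn, target_dn, attr):
    """First rule whose <what> matches decides; inside it, first <who> wins."""
    for dn_re, rule_attr, by in rules:
        if not re.match(dn_re, target_dn) or rule_attr not in (None, attr):
            continue
        for who, level in by:
            if who_matches(who, bound_dn, target_dn):
                return level
        return "none"   # implicit trailing "by * none"
    return "none"       # implicit trailing "access to * by * none"


def can(rules, bound_dn, target_dn, attr, needed):
    """True if the granted level is at least the level the operation needs."""
    granted = access(rules, bound_dn, target_dn, attr)
    return LEVELS.index(granted) >= LEVELS.index(needed)


if __name__ == "__main__":
    # A simple bind needs "auth" on userPassword for the not-yet-bound client.
    print(can([SUBTREE_NO_AUTH], None, ADMIN, "userPassword", "auth"))
    print(can([SUBTREE_RULE], None, ADMIN, "userPassword", "auth"))
```
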