OpenLDAP 2.1 and ACL

Sun, 2003-01-26 at 23:18, Emmanuel Blot wrote:

> I tried an alternative: to use group access, as documented.

Not =quite= as documented. I have everything you set up, just as you set
it up, with one difference - and mine works :-)

> access to attr=userPassword
>        by group="cn=administrators,ou=Anciens,o=ANIENIB,c=FR" write
>        by self write
>        by * auth

"by * auth" means "by users auth". Users are those who are already
authenticated. But they can't authenticate unless they can do that as
anonymous entities, i.e. before they're authenticated.

So: It should be "by anonymous auth".




