[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP 2.1 and ACL

To: Emmanuel Blot <emmanuel.blot@free.fr>
Subject: Re: OpenLDAP 2.1 and ACL
From: Tony Earnshaw <tonni@billy.demon.nl>
Date: 27 Jan 2003 13:21:02 +0100
Cc: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>, openldap-software@OpenLDAP.org
In-reply-to: <0ad801c2c588$d25cb3b0$0f06a8c0@oulx>
Organization:
References: <016801c2ba8c$5f5cf2f0$0f06a8c0@oulx> <HBF.20030113kanr@bombur.uio.no><013f01c2bfe5$fa31f830$0f06a8c0@oulx> <HBF.20030121c88n@bombur.uio.no> <0ad801c2c588$d25cb3b0$0f06a8c0@oulx>

søn, 2003-01-26 kl. 23:18 skrev Emmanuel Blot:

> I tried an alternaltive: to use group access, as documented.

Not =quite= as documented. Ihave everything you set up, just as you set
it up, with one difference - and mine works :-)

> access to attr=userPassword
>        by group="cn=administrators,ou=Anciens,o=ANIENIB,c=FR" write
>        by self write
>        by * auth

"by * auth" means "by users auth". Users are those who are already
authenticated. But the can't authenticate unless they can do that as
anonymous entities, i.e. before they're authenticated.

So: It should be "by anonymous auth".

Best,

Tony

-- 

Tony Earnshaw

When all's said and done ...
there's nothing left to say or do.

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl

Follow-Ups:
- Re: OpenLDAP 2.1 and ACL
  - From: "Emmanuel Blot" <emmanuel.blot@free.fr>

References:
- OpenLDAP 2.1 and filters
  - From: "Emmanuel Blot" <emmanuel.blot@free.fr>
- Re: OpenLDAP 2.1 and filters
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: OpenLDAP 2.1 and ACL
  - From: "Emmanuel Blot" <emmanuel.blot@free.fr>
- Re: OpenLDAP 2.1 and ACL
  - From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
- Re: OpenLDAP 2.1 and ACL
  - From: "Emmanuel Blot" <emmanuel.blot@free.fr>

Prev by Date: Re: Monitor Backend + web Graphs
Next by Date: Changing a dog into a tree with back-ldap
Index(es):
- Chronological
- Thread