[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP 2.1 and ACL



Emmanuel Blot wrote:

access to *
by * read



Yes, it works. The problem is that if this line does not appear at the end of the file, I get the 'entry' attribute issue. Is this rule always required ?

I'm frightened to forget one of the above rules in the ACL definition and that some important
attributes could therefore be read by anyone...

I've tried to reduce this final rule to

access to *
 by * search

and it fails.

Thanks,
Emmanuel.

I think it's stated in the admin guide that giving access to "attr=..." you will have to
add access to "entry" which refers to the ldap entry (thought as a row in a RDBMS db)
itself. Try reading again the chapter about ACL in the admin guide.


hth,
mitu