Re: [LDAP-SOFTWARE] ACL and regex (matching self)
> 1. is it normal that these things (whatever they are) need to be defined by
> me, the admin (or user if you prefer) ?
> 2. if so, where can I find a list of all the things I need to give ACL's
> for ?
> I am totally flabbergasted. I can't find any reference to these 'things' in
> any of the standard docs (man pages and admin guide).
I found something on a mailing list for redhat 7.2
# Sample Access Control
# Allow read access of root DSE
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
#access to dn="" by * read
#access to *
# by self write
# by users read
# by anonymous auth
Of course, only the first acl is interesting:
#Allow read access of root DSE
access to dn="" by * read
I put that in my ACL, but then the next thing that went wrong is:
Feb 25 03:10:04 curacao slapd: => access_allowed: search access to
"cn=Subschema" "objectClass" requested
So, now I suspect that somewhere a DN 'cn=Subschema' must exist. But, that is
not in the root DSE anymore, if I understand this correctly. Do I need to
make these dn's or are they 'system' dn's ?
PS This seems to be a problem with GQ (0.4.0) because with ldapexplorer these
subschemas are not requested.