[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [LDAP-SOFTWARE] ACLand regex (matching self)

> 1. is it normal that these things (whatever they are) need to be defined by
> me, the admin (or user if you prefer) ?
> 2. if so, where can I find a list of all the things I need to give ACL's
> for ?
> I am totally flabbergasted. I can't find any reference to these 'things' in
> any of the standard docs (man pages and admin guide).

I found something on a mialing list for redhat 7.2

# Sample Access Control
#       Allow read access of root DSE
#       Allow self write access
#       Allow authenticated users read access
#       Allow anonymous users to authenticate
#access to dn="" by * read
#access to *
#       by self write
#       by users read
#       by anonymous auth

Of course, only the first acl is interesting:
#Allow read access of root DSE
access to dn="" by * read

I put the in my ACL, but then the next thing that went wrong is:

Feb 25 03:10:04 curacao slapd[864]: => access_allowed: search access to 
"cn=Subschema" "objectClass" requested

So, now I suspect that somewhere a DN 'cn=Subschema' must exist. But, that is 
not in the root DSE anymore, if I understand this correctly. Do I need to 
make these dn's or are they 'system' dn's ?


PS This seems to be a problemwith GQ (0.4.0) because with ldapexplorer these 
subschema's are not requested.