[Date Prev][Date Next]
Re: [LDAP-SOFTWARE] ACLand regex (matching self)
> No it is not the same thing. It looks like you are using 2.0 and I'm using
> 2.1, so I don't think it applies in your case. Anyhow, as I noted, "entry"
> doesn't exist in anything, therefore giving read to entry by * does nothing
> security wise. However, if I wanted to say, give access to uid, and
> someone didn't have access to read entry, they couldn't read the contents
> of uid, even if I said access to uid by * read. I also have the dn."" read
> entry in my slapd.conf. I still required the access to entry by * read bit
> as well.
Yes, I am using 2.0...
And no, it's not getting any clearer... My openldap 1.3 with qmail-ldap works
fantastically, though, for the past two or 3 years. Now, after all this
confusion, I am really doubting if I should upgrade (to 2.0.27 that is, let
alone 2.1.x !)
Actually, due to incomprehensible ACL's, I have dropped the project in October
2002 only to return to it in February 2003, with much the same frustrations
and, although I feel I am lot closer to a solution, still without a working
version. The persons who ' own' me are getting weary of my excuses, and ask
me to either install the previous working version, or just leave out all
ACL's. The latter might be really secure ;-) since all the traffic comes from
Anyway, I am getting a good nights sleep and tomorrow we'll see again.