[Date Prev][Date Next] [Chronological] [Thread] [Top]

Simple ACL problem

To: OpenLDAP-software@OpenLDAP.org
Subject: Simple ACL problem
From: Darren Gamble <Darren.Gamble@sjrb.ca>
Date: Mon, 24 Mar 2003 09:45:47 -0700
Content-return: allowed

Good day,

I'm just trying to set up a simple ACL that lets users look at their own
attributes, change their passwords, and not have access to the LDAP tree
outside of the accounts subtree.

The ACL works, except that for some reason users can't modify their own
passwords (the admin user can, though), instead getting an error 32 (no such
object).  As near as I can tell, the ACL _is_ set up properly, according to
5.3 in the 2.0 Admin Guide.

Does anyone see the error?  Using 2.0.27 on Red Hat 7.2 (we'll be upgrading
to 2.1.X in the near future).


access to attr=userPassword
        by dn="cn=admin,o=Shaw Cablesystems,c=CA" write
        by self write
        by * auth

access to dn.subtree="ou=Accounts,o=Shaw Cablesystems,c=CA"
        by dn="cn=admin,o=Shaw Cablesystems,c=CA" write
        by * read

access to *
        by dn="cn=admin,o=Shaw Cablesystems,c=CA" write
        by self read
        by * none



Thanks in advance,

============================
Darren Gamble
Planner, Regional Services
Shaw Cablesystems GP
630 - 3rd Avenue SW
Calgary, Alberta, Canada
T2P 4L4
(403) 781-4948

Follow-Ups:
- Re: Simple ACL problem
  - From: eculp@encontacto.net

Prev by Date: Re: Auto-Increment
Next by Date: beyond descriptor table size error
Index(es):
- Chronological
- Thread