
RE: Access Control



Hi All
   Can anyone give info on the following access control query? (see below)
Thanks in advance
  Kiran
   

-----Original Message-----
From: Kiran Bacche 
Sent: Thursday, May 15, 2003 1:50 PM
Cc: openldap-software@OpenLDAP.org
Subject: Access Control



I am using OpenLDAP on Red Hat Linux 8.0
Rootdn is "o=mydomain.com"

And I have three entries under it.

Entry 1. "ou=Unit1, o=mydomain.com"
Entry 2. "ou=Unit2, o=mydomain.com"
Entry 3. "ou=Unit3, o=mydomain.com"

All three have the userPassword attribute, set through the ldappasswd utility.

Now how should the access control in slapd.conf be so that

A)  ldapmodify -h localhost -D "ou=Unit1, o=mydomain.com" -x -w passForUnit1 -f x.ldif
   should allow modification of Entry 1.
   But ldapmodify -h localhost -D "ou=Unit2, o=mydomain.com" -x -w passForUnit2 -f x.ldif
   or ldapmodify -h localhost -D "ou=Unit3, o=mydomain.com" -x -w passForUnit3 -f x.ldif
   should not.

x.ldif contains
dn: ou=Unit1, o=mydomain.com
Ou: Unit1
objectClass: organizationalUnit

B) Anyone can search the LDAP database, but they have to authenticate
with their respective passwords.


I thought of something like this:
  access * 
       by dn="o=mydomina.com" write
       by self write
       by * read  

But this did not help at all!

Thanks
  Kiran

**************************Disclaimer************************************

Information contained in this E-MAIL being proprietary to Wipro Limited
is 
'privileged' and 'confidential' and intended for use only by the
individual
 or entity to which it is addressed. You are notified that any use,
copying 
or dissemination of the information contained in the E-MAIL in any
manner 
whatsoever is strictly prohibited.

************************************************************************
***

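
One way to express requirements A and B as slapd.conf access rules, shown as an added example that is not part of the original message or of the OpenLDAP project's own documentation. The DNs are the ones used in the post; the `attrs=` spelling is assumed to match the installed release (older releases spell it `attr=`), so check the slapd.conf man page for the version in use.

```conf
# Constructed example for slapd.conf; DNs follow the naming used in the post.
#
# slapd uses the first "access to <what>" clause that matches the target,
# then the first "by <who>" clause that matches the requester, so the
# narrower userPassword rule has to come before the catch-all rule.
#
# A final "by * read" also matches anonymous sessions, so unauthenticated
# clients could read every entry, which conflicts with requirement B.

# Rule 1: the password attribute.
#   self      - an entry may change its own password
#   anonymous - may only use the value to authenticate (this is what lets
#               a simple bind succeed); the value itself cannot be read
#   *         - every other identity, including the other units, gets nothing
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# Rule 2: everything else.
#   self  - requirement A: write only when the bound DN is the target entry
#   users - requirement B: any authenticated identity may search and read
#   *     - anonymous sessions get nothing
access to *
        by self write
        by users read
        by * none

# The rootdn is never subject to access rules, so it needs no "by" clause.
```

With these rules, an ldapmodify bound as ou=Unit2 or ou=Unit3 against Entry 1 should be rejected with insufficient access (LDAP result 50), and a search issued without -D and -w should return no entries.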