
slapd.conf Access Question




I just wanted to take a moment to thank everyone who has answered my questions.  You have really helped get my LDAP project off the ground.

However, now another question has arisen.

In the slapd.conf file, I am trying to set up the access rights so my administrators don't need to authenticate using the rootdn.

My access rules are as follows:

access to attr=userPassword
        by self write
        by anonymous auth
        by dn.base="cn=Admins,o=myorg,c=us" write
        by * none

access to *
        by self write
        by dn.base="cn=Admins,o=myorg,c=us" write
        by * read

cn=Admins,o=myorg,c=us being an organization role with several roleoccupant attributes, each one containing a DN of a directory administrator.

It appears that the 1st access rule is working correctly, since people in the group can see and manage the password while people outside the group cannot see the attribute. However, the second access rule is not working at all. It appears that everyone only has read access, except the rootdn of course.

Thanks again.
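
An added example, not part of the original post: in slapd's access syntax, `dn.base` compares the bind DN with the given DN itself, while membership in an entry is tested with a `group` clause. The sketch below assumes that cn=Admins,o=myorg,c=us has objectClass organizationalRole and lists each administrator DN in roleOccupant, as the post describes.

```conf
# Before (from the post): dn.base matches only a client that binds AS
# cn=Admins,o=myorg,c=us. The DNs stored in its roleOccupant values are
# never consulted, so administrators fall through to the "by *" clause.
#   by dn.base="cn=Admins,o=myorg,c=us" write

# After: a group clause checks whether the bind DN is listed in the entry.
# The default lookup is objectClass groupOfNames / attribute member, so both
# are overridden here as group/<objectclass>/<attrname>.
# (The post's "attr=" spelling is kept; later releases spell it "attrs=".)
access to attr=userPassword
        by self write
        by anonymous auth
        by group/organizationalRole/roleOccupant="cn=Admins,o=myorg,c=us" write
        by * none

# Rules are evaluated in order and the first matching "access to" wins, so
# the userPassword rule must stay above this catch-all.
# Note: "by self write" here lets every user change any attribute of their
# own entry; narrow it if some attributes should be administrator-only.
access to *
        by self write
        by group/organizationalRole/roleOccupant="cn=Admins,o=myorg,c=us" write
        by * read
```

slapd reads slapd.conf at startup, so the server has to be restarted before the changed rules apply.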