[Date Prev][Date Next] [Chronological] [Thread] [Top]

slapd.conf Access Question

I just wanted to take a moment to thank everyone who has answered my questions.  You have really helped get my LDAP project off the ground.

However, now another question has arisen.

In the slapd.conf file, I am trying to set-up the access rights so my administrators don't need to authenticate using the rootdn.

My access rules are as follows:

access to attr=userPassword
        by self write
        by anonymous auth
        by dn.base="cn=Admins,o=myorg,c=us" write
        by * none

access to *
        by self write
        by dn.base="cn=Admins,o=myorg,c=us" write
        by * read

cn=Admins,o=myorg,c=us being an organization role with several roleoccupant attributes, each one containing a DN of a directory administrator.

It appears that the 1st access rule is working correctly, since people in the group can see and manage the password while people outside the group can not see the attribute, however the second access rule is not working at all.   It appears that everyone only has read access except the rootdn of course.  

Thanks again.