[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: slapd.conf - acl question

To: OpenLDAP-software@OpenLDAP.org
Subject: RE: slapd.conf - acl question
From: "Douglas B. Jones" <douglas@gpc.edu>
Date: Thu, 18 Sep 2003 13:31:32 -0400
Cc: Douglas B Jones <douglas@gpc.edu>
Importance: Normal
In-reply-to: <PHEKJLKKDLGCAEJLJPHMGEJJCBAA.douglas@gpc.edu>

Hi,

Two things. My main point in my earlier posting was that the logs
appeared to say that search was working fine, just that read was not.
>From looking at the logs, it always bothered me that it said attribute
'entry'. I always took that it was referring to what I was looking for,
not 'entry' it self. I added 'entry' to the access and everything works
fine, even with just the one access rule I gave earlier. I went back to
the slapd.conf(5) page and found nothing on 'entry' except in reference
to entry in a generic use. I do not even find anything about it in the
examples. Am I wrong in using this? I tried look for other attributes
besides the ones I was giving access to and it would not return them,
but return did return the dn. This would basically say that the dn
exists, but that the attribute was not returned. Even if I put in a
bogus attribute, it would still say the dn existed, but would not
give anything for the attribute.

My main concerns here are:

1) why is the key word 'entry' not mentioned in the doc?
2) what is its' significance?
3) should I not be using it and doing this another way?
4) the fact that it does return a dn, is that a security problem?

Thanks,
Cheers,
Douglas
-----Original Message-----
From: owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Douglas B.
Jones
Sent: Thursday, September 18, 2003 1:06 PM
To: Greg Matthews
Cc: OpenLDAP-software@OpenLDAP.org; Douglas B Jones
Subject: RE: slapd.conf - acl question



Hi,

Ok, thanks. I shall.

Cheers,
Douglas

-----Original Message-----
From: Greg Matthews [mailto:gmatt@nerc.ac.uk]
Sent: Thursday, September 18, 2003 10:45 AM
To: Douglas B. Jones
Cc: OpenLDAP-software@OpenLDAP.org
Subject: RE: slapd.conf - acl question


On Thu, 2003-09-18 at 14:11, Douglas B. Jones wrote:

> 
> You mentioned I need search access. From my interpretation of the logs
> (see below) I had that, just not read. Am I interpreting them wrong?
> 

no, I said 'probably'. try reading and experimenting some more.


-- 
Greg Matthews
iTSS Wallingford	01491 692445

Follow-Ups:
- Re: slapd.conf - acl question
  - From: Peter Marschall <peter@adpm.de>

References:
- RE: slapd.conf - acl question
  - From: "Douglas B. Jones" <douglas@gpc.edu>

Prev by Date: RE: slapd.conf - acl question
Next by Date: High volume ldap queries causing corruption in bdb backend.
Index(es):
- Chronological
- Thread