[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd.conf - acl question


On Thursday 18 September 2003 19:31, Douglas B. Jones wrote:
> My main concerns here are:
> 1) why is the key word 'entry' not mentioned in the doc?

man slapd.access

slapd.acess (5) is the man page that explains the access controls
statements in slapd.conf in detail.

> 2) what is its' significance?

"access to the entry itself"
Other directory servers call this kind of access "Browse Rights"

> 3) should I not be using it and doing this another way?

Why ? It is a documented part of the access control system.

> 4) the fact that it does return a dn, is that a security problem?

It allows browsing the DIT where you allow it.
If the DNs in parts of your DIT contain confidential information you should 
restrict access to this part of the DIT (including the entry pseudo 
attributes) to truested users


Peter Marschall
eMail: peter@adpm.de