
Re: ACL for only creating entry





Pierangelo,

Do you consider yourself an ACL expert? (For all I know, you might have 
invented ACLs! I am just a beginner (still, after one year fighting with 
it).)

Because I tested once again the following ACLs and it allowed me to create 
an entry, but not read it.

If you are such an expert and know for sure that 'attrs=entry' is meaningless 
in this case, please be so kind and explain to me WHY. It seems to work. Maybe 
my test setup is wrong - that happened to me before.

I haven't tested your suggestion yet (setting =xcsw), but previous tests that I 
did turned out to always include r if you set w.

_Ace

# Allow read access of root DSE to ALL
access to dn=""
	by * read
# Allow read access of 'cn=Subschema' to ALL
access to dn="cn=Subschema"
	by * read

access to
	dn.regex="^qwidoManager=.+,qwidoRole=qwidoManager,qwidoApp=qwido$"
	attrs=entry
	by dn.exact="qwidoApp=qwido" write
	by * none

access to dn.regex=".*,qwidoRole=qwidoManager,qwidoApp=qwido$"
	by * none

access to dn.base="qwidoRole=qwidoManager,qwidoApp=qwido" attrs=children
	by dn.exact="qwidoApp=qwido" write
	by * none

access to dn.base="qwidoRole=qwidoManager,qwidoApp=qwido"
	by dn.exact="qwidoApp=qwido" write
	by * none

access to dn.regex=".*,qwidoApp=qwido$"
	by * none

access to dn.base="qwidoApp=qwido" attrs=userpassword
	by self read
	by anonymous auth
	by * none

access to dn.base="qwidoApp=qwido" attrs=children
	by dn.exact="qwidoApp=qwido" write
	by * none

access to dn.base="qwidoApp=qwido"
	by self read
	by * none

access to *
	by * none



Greetings,
ace

website: http://www.suares.nl * http://www.qwikzite.nl