[Date Prev][Date Next] [Chronological] [Thread] [Top]

problem with access control

To: openldap-software@OpenLDAP.org
Subject: problem with access control
From: Ottavio Campana <ottavio@campana.vi.it>
Date: Mon, 08 Mar 2004 18:02:33 +0100
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20031221 Thunderbird/0.4

I'm trying to set up an address book with ldap. I want that one user (in this case uid=bott,ou=Users,dc=campana,dc=vi,dc=it) can access the address book with password and read and write it, while any other person cannot give a look at the records.

I've tried this rule in slapd.conf:


access to dn.subtree="ou=Ottavio,ou=Rubriche,dc=campana,dc=vi,dc=it"
        by dn="uid=bott,ou=Users,dc=campana,dc=vi,dc=it" read
        by dn="uid=bott,ou=Users,dc=campana,dc=vi,dc=it" write
        by * none

but it doesn't work, for if a run ldapsearch anonymously I can get all the infos of the address book.

What's wrong with it?

--
Non c'è più forza nella normalità, c'è solo monotonia.

Follow-Ups:
- Re: problem with access control
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: Re: slurpd and tls=yes: will it die if it can't do TLS?
Next by Date: Re: IP based ACL
Index(es):
- Chronological
- Thread