[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL to permit access to some attributes

--On Friday, April 02, 2004 2:27 PM +0200 Tony Earnshaw <tonye@billy.demon.nl> wrote:

fre, 02.04.2004 kl. 12.21 skrev José M. Fandiño:


first of all thank you for help me with this, you are the only
man in the list who try to resolve the problem.

Hmmm ... can't let that pass :)

access to attrs=userPassword
        by self write
        by dn.exact="cn=admin,ou=users,dc=domain" write
        by anonymous auth

Specify a base:

access to dn="dc=fadesa,dc=es"
  by self write
  by dn="cn=admin,(whatever it is)" write
  by anonymous auth
  by * none

Yeah, that is the example he was looking at though, not the acl he's currently using:

access to dn.children="dc=fadesa,dc=es" attrs=objectclass,mail by * read

is his current one (see output).

Also, it is attrs= not attr= :)


Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html