[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL to permit access to some attributes

To: openldap-software@OpenLDAP.org
Subject: Re: ACL to permit access to some attributes
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Tue, 06 Apr 2004 12:48:49 -0700
Content-disposition: inline
In-reply-to: <4072CDEE.EC03E5E4@fadesa.es>
References: <406852D1.17DBB92B@fadesa.es> <2676543445.1080555809@cadabra.stanford.edu> <4069B1E0.3FFC53A@fadesa.es> <2761852313.1080641120@cadabra.stanford.edu> <406AAEA3.8FBFF216@fadesa.es> <65169568.1080726736@cadabra.stanford.edu> <406C438F.5B39E4AA@fadesa.es> <310260340.1080815810@cadabra-dsl.stanford.edu> <406D3EB1.29433DCB@fadesa.es> <244212939.1080905783@cadabra.stanford.edu> <4072CDEE.EC03E5E4@fadesa.es>

--On Tuesday, April 06, 2004 5:34 PM +0200 "José M. Fandiño" <ldap@fadesa.es> wrote:

However, A question that remains unanswered for me, and perhaps
someone on the list can explain it, is what's the difference between
using "attrs=userPassword" (in a typical password access restriction
ACL) and "attrs=mail" (in my ACL). Why I need add "entry" for mail
and not for userPassword.

You don't exactly need "entry" for mail, you need "entry" for any attributes in an entry. Once you have the access to "entry" granted, and further ACL's for other attributes will pick that up as well. Which is why I make that ACL an individual one near the top of my ACL's.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

References:
- Re: ACL to permit access to some attributes
  - From: "José M. Fandiño" <ldap@fadesa.es>
- Re: ACL to permit access to some attributes
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: ACL to permit access to some attributes
  - From: "José M. Fandiño" <ldap@fadesa.es>
- Re: ACL to permit access to some attributes
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: ACL to permit access to some attributes
  - From: "José M. Fandiño" <ldap@fadesa.es>

Prev by Date: Re: ldap_sasl_interactive_bind_s: Unknown authentication method (86)
Next by Date: RE: ldap_sasl_interactive_bind_s: Unknown authentication method (86)
Index(es):
- Chronological
- Thread