[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL to permit access to some attributes

--On Tuesday, April 06, 2004 5:34 PM +0200 "José M. Fandiño" <ldap@fadesa.es> wrote:

However, A question that remains unanswered for me, and perhaps
someone on the list can explain it, is what's the difference between
using "attrs=userPassword" (in a typical password access restriction
ACL) and "attrs=mail" (in my ACL). Why I need add "entry" for mail
and not for userPassword.

You don't exactly need "entry" for mail, you need "entry" for any attributes in an entry. Once you have the access to "entry" granted, and further ACL's for other attributes will pick that up as well. Which is why I make that ACL an individual one near the top of my ACL's.


Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html