Re: slapd and permissions
Jernej Kos wrote:

I am trying to get this working:

access to dn="ou=Domains,uid=(.*),ou=Drones,dc=unimatrix-one,dc=org"
        by dn="cn=root,dc=unimatrix-one,dc=org" write
        by dn="cn=borgd,dc=unimatrix-one,dc=org" write
        by dn="uid=$1,ou=Drones,dc=unimatrix-one,dc=org" write
        by * read

But it is just being ignored (users still don't have write permission). What
is wrong?

Depending on the version of the code you're running, this can either be
or right. In 2.1, this should be almost fine; in 2.2 it's definitely
the default for DN match in <who> clauses has moved from "regex" to "exact",
and your third <who> clause doesn't do what you expect. This is very well
documented in the slapd.access(5) man page that accompanies the code in each
version (I wrote it myself, so I know it quite well) and it is a clear
that default should never be trusted (I think they'll be removed at some
It has also been mentioned many times on the mailing lists because it is
source of errors.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
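
The reply's point, that a `dn=` clause should never rely on the version's default match style, can be checked mechanically. The following is an added example, not part of the original thread or of OpenLDAP: a small Python linter (the name `lint_acl` and its two severity labels are hypothetical) that flags every `dn=` clause written without an explicit style and marks those whose pattern contains `$N` or regex syntax, which is what the posted ACL relies on. `POSTED` is the ACL from the question; `EXPLICIT` is a constructed variant with each style written out.

```python
import re

# A dn clause: "dn", optional ".style[,modifier]", then ="pattern".
DN_CLAUSE = re.compile(r'\bdn(?P<style>\.\w+(?:,\w+)?)?="(?P<pat>[^"]*)"')
# Hints that the author expected regex matching: $N substitution or regex syntax.
REGEX_HINT = re.compile(r'\$\d|\(.*\)|\.\*|\[|\^')

def lint_acl(text):
    """Return (line, clause, pattern, severity) for each dn= lacking an explicit style."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith('#'):
            continue  # skip comment lines
        for m in DN_CLAUSE.finditer(line):
            if m.group('style'):
                continue  # style stated explicitly, nothing depends on a default
            # A clause introduced by "by" is a <who>; anything else is the <what>.
            clause = 'who' if re.search(r'\bby\s+$', line[:m.start()]) else 'what'
            pat = m.group('pat')
            sev = 'regex-intent' if REGEX_HINT.search(pat) else 'implicit-style'
            findings.append((no, clause, pat, sev))
    return findings

# The ACL from the question above (continuation lines indented).
POSTED = '''\
access to dn="ou=Domains,uid=(.*),ou=Drones,dc=unimatrix-one,dc=org"
    by dn="cn=root,dc=unimatrix-one,dc=org" write
    by dn="cn=borgd,dc=unimatrix-one,dc=org" write
    by dn="uid=$1,ou=Drones,dc=unimatrix-one,dc=org" write
    by * read
'''

# Constructed variant with every style written out (not taken from the thread).
EXPLICIT = '''\
access to dn.regex="ou=Domains,uid=(.*),ou=Drones,dc=unimatrix-one,dc=org"
    by dn.exact="cn=root,dc=unimatrix-one,dc=org" write
    by dn.exact="cn=borgd,dc=unimatrix-one,dc=org" write
    by dn.regex="uid=$1,ou=Drones,dc=unimatrix-one,dc=org" write
    by * read
'''

if __name__ == '__main__':
    for no, clause, pat, sev in lint_acl(POSTED):
        print(f'line {no}: <{clause}> dn="{pat}" [{sev}]')
```

A `regex-intent` finding on a `<who>` clause is the case the reply describes: the pattern expects `$1` to be substituted, but no style says so.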