[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd and permissions



So, how would the conf directive look like ? Something like: 

access to dn.regex="ou=Domains,uid=(.*),ou=Drones,dc=unimatrix-one,dc=org" 
attrs=children
        by dn.regex="uid=$1,ou=Drones,dc=unimatrix-one,dc=org" write
        by * read

?

And how do i "and to the pseudoattribute "entry" of the entry you want to 
add" ?

On Saturday 10 of April 2004 12:38, Pierangelo Masarati wrote:
> Jernej Kos wrote:
> >Well, i would like that users would be able to add or change all objects
> > below their "Domains".
>
> you need to explicitly add write access to the pseudo attribute
> "children" of the
> parent entry, and to the pseudoattribute "entry" of the entry you want
> to add.
>
> See also http://www.openldap.org/faq/data/cache/189.html
>
> >Where can i get slapd.access of 2.2
>
> In 2.2 sources; from the CVS; ...
>
> >(there is only 2.1 on
> >openldap.org site).
> >
> >On Friday 09 of April 2004 15:38, Pierangelo Masarati wrote:
> >>OK.  Now you should specify what kind of write access you need and you
> >>don't get
> >>with this ACL.  In slapd.acces(5) of 2.2 you'll find a clear description
> >>of the
> >>access level you need to each portion of an entry for each operation.
> >> You should
> >>also indicate what identity you're using; you could look at logging with
> >>level 16 (ACL)
> >>to see whhere in the ACL check your access fails.
>
>     SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

-- 
Kostko <kostko@jweb-network.net>
JWeb-Network