[Date Prev][Date Next]
Re: ACL question
> Why is the to empty ? I'm not sure it's the problem but you shall write
> "access to * attr=userPassword"
> consider reading slapd.access man page
Actually, the "*" in that rule is implicit. The "*" is a special value of
the "dn" pattern, and the "dn", the "filter" and the "attrs" forms can
appear in combination, to restrict the match. At least one must be
present, so the "*" is implied if no pattern is given, as well as all
attributes are implied if no "attrs" is given, and a filter of
"(objectClass=*)" is implied if no filter is given. This is discussed at
the end of the "<what>" section of slapd.access(5):
The dn, filter, and attrs statements are additive; they can be used
sequence to select entities the access rule applies to based on
context, value and attribute type simultaneously.
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497