[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL the 3rd try...

To: Openldap list <openldap-software@OpenLDAP.org>
Subject: Re: ACL the 3rd try...
From: Tony Earnshaw <tonye@billy.demon.nl>
Date: Wed, 30 Jun 2004 14:15:28 +0200
In-reply-to: <38804.131.175.154.56.1088522026.squirrel@131.175.154.56>
Organization: Billy
References: <14687.1088518798@www17.gmx.net> <38804.131.175.154.56.1088522026.squirrel@131.175.154.56>

tir, 29.06.2004 kl. 17.13 skrev Pierangelo Masarati:
[...]


> More sane ACLs would look like:
> 
> ## let users read userPassword in order to Auth
> access to dn.subtree="ou=produktion,o=adressbuch,dc=abmas,dc=biz"
>         attr=userPassword
>     by self =xw
>     by anonymous auth

... by * none

> ## Allow Manager to write everything under production.
> ## Allow self to write
> ## rest read access
> access to dn.subtree="ou=produktion,o=adressbuch,dc=abmas,dc=biz"
>     by self write
>     by * read

I've found (recent OL versions) that I have to give write permission to
the root dn as well as the subtree (a separate ACL) to be able to write.

--Tonni

-- 

We make out of the quarrel with others rhetoric
but out of the quarrel with ourselves, poetry.

mail: tonye@billy.demon.nl
http://www.billy.demon.nl

Follow-Ups:
- Re: ACL the 3rd try...
  - From: "Pierangelo Masarati" <ando@sys-net.it>

References:
- ACL the 3rd try...
  - From: "Mario Ohnewald" <mario.Ohnewald@gmx.de>
- Re: ACL the 3rd try...
  - From: "Pierangelo Masarati" <ando@sys-net.it>

Prev by Date: Re: Building an LDAP database "for dummies"
Next by Date: How to log in syslog TLS connections?
Index(es):
- Chronological
- Thread