[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL the 3rd try...

To: "Openldap list" <openldap-software@OpenLDAP.org>
Subject: Re: ACL the 3rd try...
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Wed, 30 Jun 2004 15:13:27 +0200 (CEST)
Importance: Normal
In-reply-to: <1088597728.9203.74.camel@localhost>
References: <14687.1088518798@www17.gmx.net> <38804.131.175.154.56.1088522026.squirrel@131.175.154.56> <1088597728.9203.74.camel@localhost>
User-agent: SquirrelMail/1.4.3a-1

> tir, 29.06.2004 kl. 17.13 skrev Pierangelo Masarati:
> [...]
>
>
>> More sane ACLs would look like:
>>
>> ## let users read userPassword in order to Auth
>> access to dn.subtree="ou=produktion,o=adressbuch,dc=abmas,dc=biz"
>>         attr=userPassword
>>     by self =xw
>>     by anonymous auth
>
> ... by * none

implicit;

>
>> ## Allow Manager to write everything under production.
>> ## Allow self to write
>> ## rest read access
>> access to dn.subtree="ou=produktion,o=adressbuch,dc=abmas,dc=biz"
>>     by self write
>>     by * read
>
> I've found (recent OL versions) that I have to give write permission to
> the root dn as well as the subtree (a separate ACL) to be able to write.

implicit.

If not, it's a bug.  Please provide evidence against latest,
possibly by the ITS.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

References:
- ACL the 3rd try...
  - From: "Mario Ohnewald" <mario.Ohnewald@gmx.de>
- Re: ACL the 3rd try...
  - From: "Pierangelo Masarati" <ando@sys-net.it>
- Re: ACL the 3rd try...
  - From: Tony Earnshaw <tonye@billy.demon.nl>

Prev by Date: Re: Building an LDAP database "for dummies"
Next by Date: Re: Building an LDAP database "for dummies"
Index(es):
- Chronological
- Thread