[Date Prev][Date Next]
Re: Newbie Question on access control
--On Friday, July 02, 2004 4:21 PM -0700 Rob Tanner <firstname.lastname@example.org>
I am going to be moving from the Netscape commercial server to OpenLDAP,
and while I have the ACIs in Netscape down pretty well, I'm having a bit
of trouble duplicating the access on OpenLDAP.
Right off the bat, I want to grant read access to everybody to those
entries in the "ou=people,o=linfield.edu" subtree, but I need to restrict
access to that students who have elected to keep directory info private
don't have LDAP entries that are generally readable.
Here's the access rule I wrote:
access to dn.subtree="ou=people,o=linfield.edu"
by * read
The effect of the access rule, however, is to deny access to all entries.
What am I doing wrong?
We did this same migration at Stanford.
I suggest reading my web pages:
BTW, you should really change your root DN to "dc=linfield,dc=edu"
I'd be happy to provide further assistance if you have more questions after
reading my pages.
Principal Software Developer
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html