[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Am I still struggling with ACLs?

To: Quanah Gibson-Mount <quanah@stanford.edu>
Subject: Re: Am I still struggling with ACLs?
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Fri, 16 Jul 2004 12:42:28 -0700
Cc: Josiah Ritchie <jritchie@bible.edu>, OpenLDAP List <openldap-software@OpenLDAP.org>
In-reply-to: <1F0D0AB3E1E2C1072B9E1CD0@cadabra.stanford.edu>
References: <1090004029.10844.91.camel@penguin> <1F0D0AB3E1E2C1072B9E1CD0@cadabra.stanford.edu>

At 12:17 PM 7/16/2004, Quanah Gibson-Mount wrote:


>--On Friday, July 16, 2004 2:53 PM -0400 Josiah Ritchie <jritchie@bible.edu> wrote:
>
>>// I'm using the following ACLs:
>>
>>access to attr=userPassword
>>        by dn.base="cn=Manager,dc=cougarnet,dc=bible,dc=edu" write
>>        by group.exact="cn=Domain 
>Admins,ou=Groups,dc=cougarnet,dc=bible,dc=edu" write
>>        by self write
>>        by anonymous auth
>>        by * none break
>
>How about by * break

or just drop the clause (and rely on the implicit "by * none stop").
The break causes access for the remainder of the subjects
(e.g., *) to be dependent on subsequent access directives,
which seems pointless in this case.


>>access to *
>>        by dn.base="cn=Manager,dc=cougarnet,dc=bible,dc=edu" write
>>        by group.exact="cn=Domain 
>Admins,ou=Groups,dc=cougarnet,dc=bible,dc=edu" write
>>        by self write
>>        by * read
>
>
>--Quanah
>
>--
>Quanah Gibson-Mount
>Principal Software Developer
>ITSS/Shared Services
>Stanford University
>GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

References:
- Am I still struggling with ACLs?
  - From: Josiah Ritchie <jritchie@bible.edu>
- Re: Am I still struggling with ACLs?
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: Re: Am I still struggling with ACLs?
Next by Date: Re: >= (greater or equal) and <= (lower or equal) operators in
Index(es):
- Chronological
- Thread