[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slurp, master & slave issues

On 28-Oct-04, at 11:56 AM, Pierangelo Masarati wrote:

2) add rules that allow "cn=Replicator,dc=example,dc=com" to write
anything, like

I thought about this, but I actually had no rules in place to begin with while testing. Does the lack of rules mean an implicit deny to everything from anyone except the rootdn or does the lack of rules imply permit to everything from anyone?

As stated in the default slapd.conf provided in the tar ball:

    # if no access controls are present, the default policy
    # allows anyone and everyone to read anything but restricts
    # updates to rootdn.  (e.g., "access to * by * read")
    # rootdn can always read and write EVERYTHING!

I just copied these lines verbatim in slapd.conf(5) and slapd.access(5).

Ok, I feel stupid.

# first rule ever: in case identity doesn't match
# control is passed to following rules, without giving any access
access to *
   by dn.exact="cn=Replicator,dc=example,dc=com" write
   by * none break

# other access rules...

You may start with the above, and play with slapd.access(5) to work out
what you need.  Make sure you first read the related bits in the
Administrator's Guide.


Pierangelo Masarati

SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497