
Re: ACLs: 'and' clause in ACLs



Thank you very much for your reply.

Pierangelo Masarati wrote:
> See the "<control>" field in slapd.access(5); for example (RE22/HEAD):
>
> access to *
>     by dn.exact="cn=foo" =rw continue
>     by peername.ip="127.0.0.1" +0 stop
>     by * auth
>
> gives "rw" (read + write) access to "cn=foo", and confirms it if the
> request comes from "127.0.0.1" (the "break" is redundant, of course);
> otherwise, privileges are reset to "auth", which applies to "*".

I forgot a little detail: we are using version 2.0.27 (duh).
We replaced peername.ip with peername; this way it's been accepted by slapd. Unfortunately it doesn't work, as it even refuses to bind. Replacing =rw with "write" didn't make it either.
Any further help appreciated.


Thank you very much
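
A simplified model of how the "by" clauses of the ACL quoted above are walked with the <control> field (stop / continue / break), added here as an illustration; it is not part of the original message and not OpenLDAP code. The privilege letters assigned to each level name, the DN "cn=bar" and the address 192.0.2.10 are assumptions made for the example.

```python
# Simplified model of <who> clause evaluation with <control>
# (stop / continue / break) as described in slapd.access(5). Not slapd code.
# Assumption: level names map to the classic w/r/s/c/x privilege letters.
LEVELS = {"none": "", "auth": "x", "compare": "cx", "search": "scx",
          "read": "rscx", "write": "wrscx"}

def parse_access(spec):
    """Return (op, privs): op is '=', '+' or '-'; privs is a set of letters."""
    if spec in LEVELS:                      # a level name resets the mask
        return "=", set(LEVELS[spec])
    op, letters = spec[0], spec[1:]
    if op not in "=+-":
        raise ValueError(f"bad access spec: {spec!r}")
    return op, set(letters) - {"0"}         # '0' stands for "no privileges"

def evaluate(clauses, request):
    """Walk the by-clauses of one access directive.

    clauses: list of (match_fn, access_spec, control).
    Returns (privilege set, control that ended the walk)."""
    mask = set()
    for matches, spec, control in clauses:
        if not matches(request):
            continue                        # clause does not apply, try the next
        op, privs = parse_access(spec)
        if op == "=":
            mask = set(privs)               # reset
        elif op == "+":
            mask |= privs                   # add
        else:
            mask -= privs                   # remove
        if control != "continue":           # "stop" (the default) or "break"
            return mask, control
    return set(), "stop"                    # implicit trailing "by * none"

# The ACL quoted in this message, with constructed match functions.
ACL = [
    (lambda r: r["dn"] == "cn=foo", "=rw", "continue"),
    (lambda r: r["ip"] == "127.0.0.1", "+0", "stop"),
    (lambda r: True, "auth", "stop"),
]

def privileges(dn, ip):
    """Privilege letters granted to (dn, ip) by ACL, or 'none'."""
    mask, _ = evaluate(ACL, {"dn": dn, "ip": ip})
    return "".join(sorted(mask)) or "none"
```

In this model a client that matches only the peername clause stops there with an empty mask, so it is worth checking that case (for example an anonymous bind from 127.0.0.1) when testing a rule built this way.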