[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACI's and 'by users read'

To: openldap-software@OpenLDAP.org
Subject: ACI's and 'by users read'
From: Turbo Fredriksson <turbo@bayour.com>
Date: Mon, 31 Jan 2005 13:29:16 +0100
Organization: LDAP/Kerberos expert wannabe
User-agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/20.7 (gnu/linux)

I'm trying to move a 'by users read' to ACI, but I'm having little
luck...

Looking at the code (servers/slapd/acl.c), I see that '#users#' should
be possible, but isn't working for some reason (I can't read ANY of
these attributes other than as my self - turbo)...

----- s n i p -----
dn: c=SE
OpenLDAPaci: 0#entry#grant;r,s,c;objectClass,[entry]#public#
OpenLDAPaci: 1#entry#grant;r,s,c;useControls,useEzmlm,useBind9,useWebSrv,autoR
 eload,allowServerChange,whoAreWe,language,hostMaster,ezmlmBinaryPath,krb5Real
 mName,krb5AdminServer,krb5PrincipalName,krb5AdminKeytab,krb5AdminCommandPath,
 controlBaseDn,ezmlmAdministrator,controlsAdministrator,useACI#users#
OpenLDAPaci: 2#entry#grant;w,r,s,c,x;[all]#access-id#uid=turbo,ou=People,o=Fre
 driksson,c=SE
----- s n i p -----

Follow-Ups:
- Re: ACI's and 'by users read'
  - From: "Pierangelo Masarati" <ando@sys-net.it>

Prev by Date: adding openLDAPaci
Next by Date: Re: adding openLDAPaci
Index(es):
- Chronological
- Thread