[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: rootdn and ACI

To: "Saket Sathe" <saket@cc.iitb.ac.in>
Subject: Re: rootdn and ACI
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Wed, 30 Mar 2005 15:19:50 +0200 (CEST)
Cc: openldap-software@OpenLDAP.org
Importance: Normal
In-reply-to: <424A9A34.9080404@cc.iitb.ac.in>
References: <424A9A34.9080404@cc.iitb.ac.in>
User-agent: SquirrelMail/1.4.3a-1

> Hi,
> If I bind using rootdn do I bypass all the ACIs that are present in
slapd.conf ?

ACI (at least in OpenLDAP's slapd jargon) indicate a specific access
control means, based on data held insite the objects access is checked
for.  Usually access control in general is indicated as ACL.

> I have some confusion regarding this, some clarification will surely
help.

Yes, if you bind as the rootdn of a database, and check access to objects
belonging to that database, access control is short-circuited, and the ACL
rules are not checked.

You didn't mention what version of the sofware you're using, but as far as
I can tell this has always been true.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it





    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

Follow-Ups:
- Re: rootdn and ACI
  - From: Saket Sathe <saket@cc.iitb.ac.in>

References:
- rootdn and ACI
  - From: Saket Sathe <saket@cc.iitb.ac.in>

Prev by Date: rootdn and ACI
Next by Date: allow users to add an auxiliary objectClass to their own entry
Index(es):
- Chronological
- Thread