[Date Prev][Date Next]
Re: rootdn and ACI
Pierangelo Masarati wrote:
I have an ACL like:
If I bind using rootdn do I bypass all the ACIs that are present in
ACI (at least in OpenLDAP's slapd jargon) indicate a specific access
control means, based on data held insite the objects access is checked
for. Usually access control in general is indicated as ACL.
I have some confusion regarding this, some clarification will surely
Yes, if you bind as the rootdn of a database, and check access to objects
belonging to that database, access control is short-circuited, and the ACL
rules are not checked.
You didn't mention what version of the sofware you're using, but as far as
I can tell this has always been true.
by ... *other requesters (part omitted to maintain clarity)*
by anonymous auth
by users read
Now if I bind using rootdn, I am not able to read the 'mailHost'
attribute. My rootdn is cn=Manager,dc=iitb,dc=ac,dc=in.
I am using OL 2.2.24. Shall I post all my ACLs ?