[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Permissions error

Matt Juszczak wrote:
Here is my slapd access portion. The members of the admin group aren't able to write; however, even though I have a rule saying they can. I have to add a access to * by * to be able to write at all. Any ideas?
access to *
       by group.exact="cn=admin,dc=dandy,dc=net" write
       by group.exact="cn=techs,dc=dandy,dc=net" read
       by self write
       by users read
       by anonymous auth
       by * break

# Allow only user to change its password
access to attr=userPassword
       by group="cn=techs,ou=groups,dc=dandy,dc=net" write
       by self write
       by anonymous auth
       by * none

This may not answer your question, but one thing you should do is reverse the order of these rules, otherwise the second will never be reached. See:


and note:

"Slapd stops with the first <what> selector that matches the entry and/or attribute. The corresponding access directive is the one slapd will use to evaluate access."

Jon Roberts