[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL and ObjectClass

To: openldap-software@OpenLDAP.org
Subject: ACL and ObjectClass
From: Gessy Caetano da Silva Junior <listas_gessy@yahoo.com.br>
Date: Thu, 05 May 2005 08:05:21 -0300
User-agent: Mozilla Thunderbird 1.0 (X11/20041206)

Hi,

In the slapd.access(5) manpage there's a text that says

'The statement attrs=<attrlist> selects the attributes the access control rule applies to. It is a comma-separated list of attribute types, plus the special names entry, indicating access to the entry itself, and children, indicating access to the entry's children. ObjectClass names may also be specified in this list, which will affect all the attributes that are required and/or allowed by that objectClass. Actually, names in <attrlist> that are prefixed by @ are directly treated as objectClass names. A name prefixed by ! is also treated as an objectClass, but in this case the access rule affects the attributes that are not required nor allowed by that objectClass'.


this means if i have an ACL like:


access to attrs=!posixAccount
	by * read

Only the attributes required and/or allowed by objectClass posixAccount would be readed by anyone, right? I tried this but it not work.

--
<+====================================================+>
      .~.    Gessy Caetano da Silva Júnior
     / v \   Laboratório de Computação Científica
    /(   )\  LCC/CENAPAD 	Tel: 3499-5389
     ^^-^^   Universidade Federal de Minas Gerais
   GNU/Linux 	      				  	
<+====================================================+>

Follow-Ups:
- Re: ACL and ObjectClass
  - From: "Pierangelo Masarati" <ando@sys-net.it>
- Re: ACL and ObjectClass
  - From: Aleksandar Milivojevic <amilivojevic@pbl.ca>

Prev by Date: Re: Chaining support status
Next by Date: Re: SLAPD_LISTEN increase
Index(es):
- Chronological
- Thread