[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL questions

Okay, some how I kind of got it to work.  Here's my ACL's in order:

access to dn.children="dc=cmcflex,dc=com"
	by users write
	by * auth

access to attrs="telephoneNumber","homePhone","homePostalAddress","userPassword"
by users write
by * auth

access to *
	by anonymous read

Now user mtice[@]cmcflex.com can add an entry. However, now anonymous can't view "basic" (not userPassword, telephoneNumber,etc).

So, with increased logging turned on I get:
=>acl_mask: to all values by "", (=n)
<=check a_dn_pat: users
<=check a_dn_pat: *
<=acl_mask: [2] applying auth(=x) (stop)
<=acl_mask: [2] mask: auth(=x)
=>access_allowed: search access denied by auth(=x)