
ACL Issues



I am attempting to be very granular in the access that I give to my directory, but I seem to be struggling with the implementation.

I have several proxy accounts that I want to grant the access that they need, no more, no less.  But I seem to have to put a line in like:

access to dn.children="dc=company,dc=com" by * read

in order to authenticate.  What I thought I wanted was something like this:

access to attrs=userPassword
	by dn.exact=proxy,dc=company,dc=com write
	by self write
	by anonymous auth

But without read access above, it does not work.  How can I allow proxy users/groups access w/out granting read access to everyone?  Or does the dn.children allow read access to all attributes?