[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: phpldapadmin and openldap

To: Juan Diego Calle <juandiego.calle@soportelibre.com>
Subject: Re: phpldapadmin and openldap
From: Quanah Gibson-Mount <quanah@zimbra.com>
Date: Thu, 09 Jun 2011 16:27:18 -0700
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <25617521.113911307659547610.JavaMail.root@zimbra.soportelibre.com>
References: <25617521.113911307659547610.JavaMail.root@zimbra.soportelibre.com>

--On Thursday, June 09, 2011 5:45 PM -0500 Juan Diego Calle<juandiego.calle@soportelibre.com> wrote:

I added this to the slapd.conf, but it didn't work.


access to *
        by self write
        by users read
        by anonymous read
        by * none

access to dn="ou=People,dc=iess,dc=gob,dc=ec" attrs=children,entry
        by
group/groupOfNames/member="cn=MiniAdmins,ou=Group,dc=iess,dc=gob,dc=ec"
write

Please read the slapd.access(5) man page very carefully. ACLs areprocessed in the order that they match.


access to * by <...>

matches everything.  Therefore the second ACL will never be processed.

You may want to make it something like

access to dn="ou=People,dc=iess,dc=gob,dc=ec" attrs=children,entry

bygroup/groupOfNames/member="cn=MiniAdmins,ou=Group,dc=iess,dc=gob,dc=ec"write

	by * break

access to *
       by self write
       by users read
       by anonymous read
       by * none

--Quanah


--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration

References:
- Re: phpldapadmin and openldap
  - From: Juan Diego Calle <juandiego.calle@soportelibre.com>

Prev by Date: Re: phpldapadmin and openldap
Next by Date: Linking Clients - which Crypto API ?
Index(es):
- Chronological
- Thread