
Question to an ACL


I'm trying to understand these ACLs:

{0} to attrs=userPassword,shadowLastChange,sambaNTPassword,sambaLMPassword
     by dn="cn=admin,dc=foo,dc=bar" write <--admin can read/write
     by anonymous auth <--anonymous can auth
     by self  write  <--- object owner can read/write
     by * none <--all other users denied

{1} to dn.base=""
     by * read <-- all can read the root dc=foo, dc=bar

{2} to *
     by dn="cn=admin,dc=studsemi,dc=intern" write <--
     by * read

So with ACL 0: users and admin can read/write passwords, all others can
do nothing with that.
ACL 1: ALL can read the root dc=foo,dc=bar.
ACL 2: all other attributes can be read by all others and only admin can
also modify all other attributes?

So if that is correct, then I think ACL 1 isn't needed?
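
The evaluation order the question turns on, as an added example that is not part of the original post: a simplified Python model of slapd's access evaluation (first matching `to` clause, then first matching `by` clause) applied to the three rules as posted. The `uid=alice` and `uid=bob` DNs used to exercise it are constructed, and DN matching here is plain string comparison rather than slapd's DN normalization.

```python
# Simplified model of slapd ACL evaluation (illustrative, not OpenLDAP code).
# Access levels are cumulative: each level implies all levels to its left.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
ADMIN = "cn=admin,dc=foo,dc=bar"
PW_ATTRS = {"userpassword", "shadowlastchange", "sambantpassword", "sambalmpassword"}

# Each rule: (what-predicate over (entry_dn, attr), ordered list of (who, level)).
ACLS = [
    (lambda dn, attr: attr.lower() in PW_ATTRS,                    # {0} to attrs=...
     [("dn=" + ADMIN, "write"), ("anonymous", "auth"), ("self", "write"), ("*", "none")]),
    (lambda dn, attr: dn == "",                                    # {1} dn.base="" is the
     [("*", "read")]),                                             #     empty DN (root DSE)
    (lambda dn, attr: True,                                        # {2} to *
     [("dn=cn=admin,dc=studsemi,dc=intern", "write"),              # DN kept as posted
      ("*", "read")]),
]

def who_matches(who, requester, entry_dn):
    """requester is the bound DN, or None for an anonymous session."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "self":
        return requester is not None and requester == entry_dn
    if who.startswith("dn="):
        return requester == who[3:]
    return False

def granted(entry_dn, attr, requester, acls=ACLS):
    """Return (rule index, level) using first-match on 'to', then on 'by'."""
    for idx, (what, by_clauses) in enumerate(acls):
        if what(entry_dn, attr):
            for who, level in by_clauses:
                if who_matches(who, requester, entry_dn):
                    return idx, level
            return idx, "none"        # implicit trailing "by * none"
    return None, "none"               # implicit final "access to * by * none"

def allows(level, needed):
    """True if the granted level is at least the needed level."""
    return LEVELS.index(level) >= LEVELS.index(needed)
```

In this model an anonymous read of the root DSE (empty DN) is granted by rule {1}, and the same request is still granted `read` by `to *` when rule {1} is left out; the `dc=foo,dc=bar` entry itself is matched by rule {2}.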