[Date Prev][Date Next]
Re: Access questions
Am Mon, 14 Jan 2013 21:11:26 -0800
schrieb Ori Bani <email@example.com>:
> I think I understand that default access for everything that does not
> have any access rule is to allow read permission to everyone. All
> other entries (that have some form of access rules) will have a
> default of "access to * by * none" applied. I'd like instead to have
> all defaults be no access.
> I have a directory that will be used for internal email processes and
> also have a certain amount of public/anonymous access (but only to
> chosen attributes). Due to the public/anonymous component, I'd like
> to have default access rules be as restrictive as possible.
> Does it make sense to (do people commonly) set a global access of
> "access to * by * none" and then open access up for individual
> databases as desired?
> I'm thinking a global rule:
> access to *
> by dn.base="cn=Manager,dc=example,dc=com" write
> by * none
> Then each database will have to explicitly open access only as much
> as needed.
No, that is not the way ACL's work.
> Any tips much appreciated.
man slapd.acess(5) and
Dieter KlÃnter | Systemberatung
GPG Key ID:DA147B05