[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Check synchro : access only to contextcsn

To: openldap-technical@openldap.org
Subject: Re: Check synchro : access only to contextcsn
From: Dieter Klünter <dieter@dkluenter.de>
Date: Tue, 16 Oct 2018 17:54:46 +0200
In-reply-to: <CAFkMs3NG7RcUFY4gTRArn=dHZDSrD15-sW4r6NeAjf+tAX_M4g@mail.gmail.com>
Organization: AVCI
References: <CAFkMs3NG7RcUFY4gTRArn=dHZDSrD15-sW4r6NeAjf+tAX_M4g@mail.gmail.com>

Am Tue, 16 Oct 2018 15:51:50 +0200
schrieb Lirien Maxime <maxime.lirien@gmail.com>:

> Hi all,
> thanks for reading.
> I have a "supervision" account on all my ldap servers. With the plugin
> nagios , it check the synchro.  I would like this account read only
> contextcsn to check synchro. And only contextcsn not the other
> entries. (plugin check nagios).
> Can someone help me to write the right ACL ?
> 
> Here what I tried but not really right :-/
> # ContextCSN
> access to dn.subtree="dc=fr" attrs=contextCSN
>      by dn.subtree="cn=supervision,ou=Comptes Clients,dc=fr" read
>      by * none

access to dn.base=dc=fr 
   attrs=entry,children,contextCSN read

-Dieter

-- 
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E

Follow-Ups:
- Re: Check synchro : access only to contextcsn
  - From: Quanah Gibson-Mount <quanah@symas.com>

References:
- Check synchro : access only to contextcsn
  - From: Lirien Maxime <maxime.lirien@gmail.com>

Prev by Date: Check synchro : access only to contextcsn
Next by Date: Re: Check synchro : access only to contextcsn
Index(es):
- Chronological
- Thread