[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Check synchro : access only to contextcsn
- To: openldap-technical@openldap.org
- Subject: Re: Check synchro : access only to contextcsn
- From: Dieter Klünter <dieter@dkluenter.de>
- Date: Tue, 16 Oct 2018 17:54:46 +0200
- In-reply-to: <CAFkMs3NG7RcUFY4gTRArn=dHZDSrD15-sW4r6NeAjf+tAX_M4g@mail.gmail.com>
- Organization: AVCI
- References: <CAFkMs3NG7RcUFY4gTRArn=dHZDSrD15-sW4r6NeAjf+tAX_M4g@mail.gmail.com>
Am Tue, 16 Oct 2018 15:51:50 +0200
schrieb Lirien Maxime <maxime.lirien@gmail.com>:
> Hi all,
> thanks for reading.
> I have a "supervision" account on all my ldap servers. With the plugin
> nagios , it check the synchro. I would like this account read only
> contextcsn to check synchro. And only contextcsn not the other
> entries. (plugin check nagios).
> Can someone help me to write the right ACL ?
>
> Here what I tried but not really right :-/
> # ContextCSN
> access to dn.subtree="dc=fr" attrs=contextCSN
> by dn.subtree="cn=supervision,ou=Comptes Clients,dc=fr" read
> by * none
access to dn.base=dc=fr
attrs=entry,children,contextCSN read
-Dieter
--
Dieter Klünter | Systemberatung
http://sys4.de
GPG Key ID: E9ED159B
53°37'09,95"N
10°08'02,42"E