[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access Control confusion

To: "OpenLDAP-Software@OpenLDAP.org" <OpenLDAP-Software@OpenLDAP.org>
Subject: Re: Access Control confusion
From: Craig Morrison <craig@2cah.com>
Date: Fri, 15 Mar 2002 18:51:44 -0500
Organization: Computers At Home
References: <Pine.SOL.4.44.0203151320080.19009-100000@frago.rz.uni-ulm.de>

First of all, thanks to all of you who offered suggestions/solutions both on
and off the list. Here's what finally ended up working:

access to attr=userPassword
	by self write
	by * auth
access to dn.subtree="dc=2cah,dc=com"
	by dn=".*,dc=2cah,dc=com" read
	by self write
	by * auth
access to dn.subtree="dc=ezmts,dc=org"
	by dn=".*,dc=ezmts,dc=org" read
	by self write
	by * auth

Thomas Nau wrote:
> 
> Craig,
> 
> access to dn.subtree="dc=2cah,dc=com"
>         by domain=".*\.2cah\.com$$" read
>         by * none
> 
> access to dn.subtree="dc=ezmts,dc=org"
>         by domain=".*\.ezmts\.org$$" read
>         by * none
> 
> should basicly give you what you want. Of course it need some fine tuning.
> 
> Thomas
> 
> -----------------------------------------------------------------
> PGP fingerprint: B1 EE D2 39 2C 82 26 DA  A5 4D E0 50 35 75 9E ED
> Phone:           +49 731 50 22464
> FAX:             +49 731 50 22471

-- 

Craig Morrison
  http://www.mtsprofessional.com/
  A Win32 Email server that works for you.

References:
- Re: Access Control confusion
  - From: Thomas Nau <thomas.nau@rz.uni-ulm.de>

Prev by Date: RE: Too many tokens?
Next by Date: [PATCH] back-perl on Win32
Index(es):
- Chronological
- Thread