[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problem with ACL

To: A N <and_na@wp.pl>
Subject: Re: Problem with ACL
From: Tony Earnshaw <tonni@billy.demon.nl>
Date: 15 Oct 2002 21:44:52 +0200
Cc: openldap-software@OpenLDAP.org
In-reply-to: <3dac5f0cc7646@wp.pl>
References: <3dac5f0cc7646@wp.pl>

tir, 2002-10-15 kl. 20:31 skrev A N:

> My ACL is:
> 
> access to dn="cn=root,o=company" attr=mail,cn,sn by self write
> access to attr=objectClass by anonymous =rs
> access to attr=entry by anonymous =rs
> access to attr=mail,sn,cn by anonymous =rs

This isn't going to get you anywhere. Make a tree with its roots in the
air. everything to the left is hidden, everything to the right is open:

                dc=com
                   |
                dc=company
             ______|______
             |            |
          ou=secret    ou=open

Distribute rights with normal ACls

> Maybe I should use filter ? But I don't know how and
> documentation is very poor.

Documentation is not poor. People are lazy.

Here are a couple of good starters:

ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf
http://www.mandrakesecure.net/en/docs/ldap-auth.php
http://www.kingsmountain.com/ldapRoadmap.shtml
http://www.redbooks.ibm.com/pubs/pdfs/redbooks/sg244986.pdf
http://www.redbooks.ibm.com/pubs/pdfs/redbooks/sg245110.pdf

Best,

Tony

-- 

Tony Earnshaw

"There are many people who can't face the truth ... If you rob a
normal person of life's lies, at the same time you'll be robbing
him of his happiness."

>From Henrik Ibsen's "Vildanden", "The wild Duck."

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl

Follow-Ups:
- Odp: Re: Problem with ACL
  - From: "Andy Nat" <and_na@wp.pl>
- Re: Problem with ACL
  - From: Yonah Russ <yonah@jct.ac.il>

References:
- Problem with ACL
  - From: "A N" <and_na@wp.pl>

Prev by Date: RE: looking for a stable combination
Next by Date: Re: dc question
Index(es):
- Chronological
- Thread