Access Control



I am using OpenLDAP on Red Hat Linux 8.0
Rootdn is "o=mydomain.com"

And I have three entries under it.

Entry 1. "ou=Unit1, o=mydomain.com"
Entry 2. "ou=Unit2, o=mydomain.com"
Entry 3. "ou=Unit3, o=mydomain.com"

All three have the userPassword attribute, set through the ldappasswd utility.

Now how should the access control in slapd.conf be so that

A)  ldapmodify -h localhost -D "ou=Unit1, o=mydomain.com" -x -w passForUnit1 -f x.ldif
   should allow modification of Entry 1.
   But ldapmodify -h localhost -D "ou=Unit2, o=mydomain.com" -x -w passForUnit2 -f x.ldif
   or ldapmodify -h localhost -D "ou=Unit3, o=mydomain.com" -x -w passForUnit3 -f x.ldif
   should not.

x.ldif contains
dn: ou=Unit1, o=mydomain.com
Ou: Unit1
objectClass: organizationalUnit

B) Anyone can search the LDAP database, but they have to authenticate
with their respective passwords.


I thought of something like this
  access * 
       by dn="o=mydomina.com" write
       by self write
       by * read  

But this did not help at all!

Thanks
  Kiran
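
One way to express requirements A and B in slapd.conf, added here as an example that is not part of the original message or of any reply. It assumes the OpenLDAP 2.0-era `attr=` spelling and relies on slapd's first-match evaluation: the first `access to` clause that matches the target is used, and within it the first matching `by` clause decides the access level.

```conf
# Posted attempt, for comparison (left commented out):
#   access *                           <- the directive is "access to <what>"
#        by dn="o=mydomina.com" write  <- DN spelling differs from o=mydomain.com
#        by self write
#        by * read                     <- also matches anonymous clients (conflicts with B)

# Rule 1: passwords. The owner may change its own password, an
# unauthenticated client may only use the value to bind, and nobody
# can read it back.
# (Assumed OpenLDAP 2.0 spelling; later releases write attrs=userPassword.)
access to attr=userPassword
        by self write
        by anonymous auth
        by * none

# Rule 2: everything else.
#   by self       -> an entry bound as itself may modify itself (A)
#   by users      -> any authenticated identity may search and read,
#                    but not write to another entry (A and B)
#   by anonymous  -> may authenticate against the entry, nothing more (B)
# Anything not matched above falls through to slapd's implicit "by * none".
access to *
        by self write
        by users read
        by anonymous auth
```

The configured rootdn is not subject to these rules, so no separate `by dn=... write` clause is needed for it. slapd reads slapd.conf at startup, so restart it after changing the rules.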
