[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: OPEN LDAP ACL

To: Olivier - <piwako@outlook.fr>, Florent Vallée <florent.vallee@insa-cvl.fr>, openldap-technical <openldap-technical@openldap.org>
Subject: RE: OPEN LDAP ACL
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Tue, 21 May 2019 14:41:43 -0700
Content-disposition: inline
In-reply-to: <AM0PR0102MB307506D64B68DCCEB2C38337A2070@AM0PR0102MB3075.eurprd01.prod.exchangelabs.com>
References: <1566955836.133593.1558343149906.JavaMail.zimbra@insa-cvl.fr> <AM0PR0102MB307506D64B68DCCEB2C38337A2070@AM0PR0102MB3075.eurprd01.prod.exchangelabs.com>

--On Tuesday, May 21, 2019 9:56 AM +0000 Olivier - <piwako@outlook.fr>wrote:


Bonjour Florent,



(sorry I answer just this in Freanch : easier to me p Les ACL
s'arrêtent au premier match. Il faut donc mettre les droits des user
sconcernés pour chaque ACL).

Here a franch link :
https://www.vincentliefooghe.net/content/les-acl-dans-openldap





Here an example :



access to attrs=userPassword

by dn.exact="cn=admin,dc=example,dc=fr" write

by users auth

by anonymous auth

by * none

That should be "by users read", not "by users auth" as per their statedrequirements. I would note that this ACL would be problematic in areplicated environment unless the "cn=admin,dc=example,dc=fr" DN is alsoused for replication.


--Quanah


--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

Follow-Ups:
- RE: OPEN LDAP ACL
  - From: Quanah Gibson-Mount <quanah@symas.com>

References:
- OPEN LDAP ACL
  - From: Florent Vallée <florent.vallee@insa-cvl.fr>
- RE: OPEN LDAP ACL
  - From: Olivier - <piwako@outlook.fr>

Prev by Date: Re: Changing timeouts from a slapd module
Next by Date: Re: Help need with replication
Index(es):
- Chronological
- Thread