Re: Openldap Access Control

--On Friday, July 26, 2019 4:50 PM +0100 Meryem Fahim <meryem.f97@gmail.com> wrote:

I'm working on an OpenLDAP project where I'm supposed to create groups and
users and be able to work with phpldapadmin. I've done all of that.
Now I want to modify access whereas ensaUser and estUser, when logging in,
will be able to see only the branch they are in (and give that privilege
to admin only).

I tried so many ACLs (using ldapmodify) but nothing seems to work. When I
log in with one of the users I can still see the whole database. I would
appreciate some help. Thank you.

As noted in the slapd.access man page, ACLs are evaluated in order. So if your first ACL is

access to * by * read

then no further ACLs will be evaluated.

I would generally suggest if you want help debugging ACLs that you *provide* your current set of ACLs to be examined.

I would also note it's generally a very bad idea to use PHPLdapadmin, as it's poorly written.



Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
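
An ordering that applies the first-match rule described in the reply to per-branch visibility, as an added example that is not part of the original thread. The suffix dc=example,dc=com, the ou=ensa and ou=est branches, the admin DN and the database DN olcDatabase={1}mdb,cn=config are all assumptions; substitute the values from your own directory.

```ldif
# Constructed example: every DN below is a placeholder.
# Replaces the whole ACL list so that no earlier catch-all such as
#   to * by * read
# can match first and hide the rules that follow it.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# {0} Most specific target first: password attribute, bind-only for others.
olcAccess: {0}to attrs=userPassword
  by self write
  by dn.exact="cn=admin,dc=example,dc=com" write
  by anonymous auth
  by * none
# {1} ensa branch: readable only by identities inside the same branch.
# "by anonymous auth" keeps simple binds working, since a bind needs
# auth access on the entry as well as on userPassword.
olcAccess: {1}to dn.subtree="ou=ensa,dc=example,dc=com"
  by dn.exact="cn=admin,dc=example,dc=com" write
  by dn.subtree="ou=ensa,dc=example,dc=com" read
  by anonymous auth
  by * none
# {2} est branch: same pattern for the second branch.
olcAccess: {2}to dn.subtree="ou=est,dc=example,dc=com"
  by dn.exact="cn=admin,dc=example,dc=com" write
  by dn.subtree="ou=est,dc=example,dc=com" read
  by anonymous auth
  by * none
# {3} Catch-all goes last: only the admin sees everything else.
olcAccess: {3}to *
  by dn.exact="cn=admin,dc=example,dc=com" write
  by * none
```

With these rules ordinary users have no access to the suffix entry itself, so a client has to use the user's own branch as its search base rather than dc=example,dc=com.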