[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Openldap Access Control

To: Meryem Fahim <meryem.f97@gmail.com>, openldap-technical@openldap.org
Subject: Re: Openldap Access Control
From: Quanah Gibson-Mount <quanah@symas.com>
Date: Fri, 26 Jul 2019 08:46:06 -0700
Content-disposition: inline
In-reply-to: <CAHu1xT655u8D3Zfe6ydKCi+Xs8MbYrO5zmi+8NSGn4oL-5-=UA@mail.gmail.com>
References: <CAHu1xT655u8D3Zfe6ydKCi+Xs8MbYrO5zmi+8NSGn4oL-5-=UA@mail.gmail.com>

--On Friday, July 26, 2019 4:50 PM +0100 Meryem Fahim<meryem.f97@gmail.com> wrote:

HELLO;
i'm working on an Openldap project where im supposed to create groups and
users and be able to work with phpldapadmin,I've done all of that.
Now I want to modify access whereas ensaUser and estUser when logging in
will be able to see only the branch they are in(and give that privilege
to admin only)


I tried so many ACLs (using ldapmodify) but nothing seems to work,when I
log in with one of the users I still can see the whole dataBase,I would
appreciate some help.thank you

As noted in the slapd.access man page, ACLs are evaluated in order. So ifyour first ACL is


access to * by * read

then no further ACLs will be evaluated.

I would generally suggest if you want help debugging ACLs that you*provide* your current set of ACLs to be examined.

I would also note it's generally a very bad idea to use PHPLdapadmin, asit's poorly written.


Regards,
Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

References:
- Openldap Access Control
  - From: Meryem Fahim <meryem.f97@gmail.com>

Prev by Date: Openldap Access Control
Next by Date: Antw: Re: OpenLDAP 2.5 plans and community engagement
Index(es):
- Chronological
- Thread