
Re: ACL filters



At 05:23 PM 6/30/99 +0200, Emmanuel JEGOU wrote:
>Hello,
>
>I try to manage access controls on entries under ou=people,o=Naonet
>Company,c=fr entry to only one person for the moment.
>My problem occurs when I want to manage access to entries with the
>attribute value equal to 'Personnel'. Only the entries that verify this
>condition can be accessed.

It looks like Rule 2 should do the trick.  When you tested it, was
it the first rule in slapd.conf?  Remember that only the first
matched "what" clause of the first matched "who" clause matters.  If
no "what" clause of the first matched "who" clause matches, the
default rule is applied.  If no "who" clause matches, the default
rule is applied.

Rules 1 and 3 have bogus filters.  You cannot match a DN or use regular
expressions in search filters.  Use ldapsearch to verify your search
filters before attempting to use them in ACLs.

I recommend you look at using dnattr and group based ACLs.