Re: ACL confusion
At 01:46 PM 6/24/99 -0400, Nicholas Riley wrote:
>Hi,
>
>I've been trying to set up ACLs with OpenLDAP's slapd.conf. I've
>looked at the mailing list archives, and tried everything I could
>find suggested there, done several hours worth of trial and error,
>and really had a great lack of success.
>
>What I want to do is make one user, Netscape Server Admin, able to
>perform full additions and updates on any record, and make all
>attributes but passwords accessible to the public.
>
>Here are portions of my slapd.conf:
>
>>rootdn "uid=root,ou=Staff,o='Invantage, Inc.',c=US"

That's not a valid DN (per RFC 1779) and will likely cause problems.
Namely, the "," in o='Invantage, Inc.' must be quoted using an
approved mechanism. The "'" character is NOT a quote character.
I suggest avoiding DNs that require quoting. I'd also suggest
avoiding using "'" in DNs as they are misleading.

>>access to attr=userpassword
>> by self write
>> by dn="uid=root,ou=Staff,o='Invantage, Inc.',c=US" write
>> by dn="cn=Netscape Server Admin,o='Invantage, Inc.',c=US" write
>> by * compare
>>
>>access to *
>> by dn="uid=root,ou=Staff,o='Invantage, Inc.',c=US" write
>> by dn="cn=Netscape Server ,o='Invantage, Inc.',c=US" write
                            ^
typo: s/cn=Netscape Server /cn=Netscape Server Admin/

I suggest fixing these first. If you have further problems,
be sure to provide log details with TRACE and ARGS enabled
in addition to ACLS, i.e.: -d 1 -d 4 -d 128 OR -d 133.

Kurt
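
The DN quoting point in the reply above, as an added example that is not part of the original message or of OpenLDAP: a simplified RFC 1779-style splitter showing why the single-quoted comma breaks the DN into an extra, malformed component. The function names are hypothetical, and the sketch does not handle "#" hex values or "+" multi-valued components.

```python
# Added example: simplified RFC 1779-style DN splitting (not OpenLDAP's parser).
SEPARATORS = ",;"   # RFC 1779 allows "," or ";" between name components

def split_dn(dn):
    """Split a DN on separators that are neither backslash-escaped nor
    inside double quotes. Single quotes get no special treatment."""
    parts, cur, in_quotes, i = [], [], False, 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])   # keep the escape pair together
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        if ch in SEPARATORS and not in_quotes:
            parts.append("".join(cur).strip())
            cur = []
        else:
            cur.append(ch)
        i += 1
    if in_quotes:
        raise ValueError("unterminated double quote in DN")
    parts.append("".join(cur).strip())
    return parts

def malformed_components(dn):
    """Return the components that lack the attribute=value form."""
    bad = []
    for part in split_dn(dn):
        attr, eq, value = part.partition("=")
        if not (eq and attr.strip() and value.strip()):
            bad.append(part)
    return bad

# DN as posted in the slapd.conf above, then two forms RFC 1779 accepts.
AS_POSTED = "uid=root,ou=Staff,o='Invantage, Inc.',c=US"
DOUBLE_QUOTED = 'uid=root,ou=Staff,o="Invantage, Inc.",c=US'
BACKSLASH_ESCAPED = r"uid=root,ou=Staff,o=Invantage\, Inc.,c=US"

if __name__ == "__main__":
    for dn in (AS_POSTED, DOUBLE_QUOTED, BACKSLASH_ESCAPED):
        print(len(split_dn(dn)), malformed_components(dn), dn)
```
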