
Access-Control



I too am working on the same, although for the web interface I am using PerLDAP libraries.

I am still trying to get the knack of building the ACLs, since they are very picky in OpenLDAP. Not only are the access controls important, but so is their ordering.

For example, when I set my ACL within slapd.conf as,

access		to dn=".*,ou=Development,o=ZoomTown.com,c=US" attr=uid,userpassword
		by self write
		by dn="cn=root,ou=Development,o=ZoomTown.com,c=US" write
		by * compare

access		to dn=".*,ou=Development,o=ZoomTown.com,c=US"
		by self write
		by dn="cn=root,ou=Development,o=ZoomTown.com,c=US" write
		by * search

and conduct an ldapsearch as,

ldapsearch -b "ou=Development,o=ZoomTown.com,c=US" -D "cn=Samir Desai,ou=Development,o=ZoomTown.com,c=US" -w "samir" objectclass=*

it only displays the record of objectclass organizationalUnit and the record of "Samir Desai". It does not display any other records.

Unless it's not a bug in the ldap tool, would anyone happen to know why it behaves in such a fashion?


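Added example, not part of the original post and not OpenLDAP code: a small Python model of how slapd evaluates the two access directives above for the bind DN used in the ldapsearch. It assumes the documented rules (the first directive whose target matches decides, the first matching "by" clause within it decides, and a search returns an entry only with read access to it). The "cn=Jane Roe" entry is constructed, and the level applied to entries that match no directive is an assumption, set to read here.

```python
import re

# slapd access levels, weakest to strongest; each level includes those below it.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

BASE = "ou=Development,o=ZoomTown.com,c=US"
ROOT = "cn=root," + BASE
SAMIR = "cn=Samir Desai," + BASE
OTHER = "cn=Jane Roe," + BASE            # constructed sample entry
TARGET = ".*,ou=Development,o=ZoomTown.com,c=US"   # dn regex exactly as posted

# The two directives from the post, in file order.
# attrs=None means the directive covers the entry itself and every attribute.
ACLS = [
    (TARGET, {"uid", "userpassword"},
     [("self", "write"), (ROOT, "write"), ("*", "compare")]),
    (TARGET, None,
     [("self", "write"), (ROOT, "write"), ("*", "search")]),
]

def access(bind_dn, entry_dn, attr, default="read"):
    """Level granted to bind_dn on attr of entry_dn ('entry' = the entry itself)."""
    for dn_re, attrs, by_clauses in ACLS:
        # re.search: the posted pattern is unanchored
        if not re.search(dn_re, entry_dn, re.I):
            continue
        if attrs is not None and attr.lower() not in attrs:
            continue
        # First matching directive decides; later directives are never consulted.
        for who, level in by_clauses:
            is_self = who == "self" and bind_dn.lower() == entry_dn.lower()
            if who == "*" or is_self or who.lower() == bind_dn.lower():
                return level
        return "none"                    # implicit trailing "by * none"
    return default                       # ASSUMPTION: no directive matched

def returned(bind_dn, entry_dn, default="read"):
    """True if a search by bind_dn would return entry_dn (needs read on it)."""
    level = access(bind_dn, entry_dn, "entry", default)
    return LEVELS.index(level) >= LEVELS.index("read")

if __name__ == "__main__":
    for dn in (BASE, SAMIR, OTHER):
        print(dn, access(SAMIR, dn, "entry"), returned(SAMIR, dn))
```

In this model the base entry never matches the ".*," pattern and so gets the default level, Samir's own entry gets write through "by self", and every other entry stops at "by * search", which is below read.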