[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access-Control

To: "Samir Desai" <samirmdesai@hotmail.com>
Subject: Re: Access-Control
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Tue, 03 Aug 1999 12:16:18 -0700
Cc: Stefan.Kiesow@nwn.de, stuart@eclipse.net.uk, openldap-software@OpenLDAP.org
In-reply-to: <19990803184030.46499.qmail@hotmail.com>

At 11:40 AM 8/3/99 PDT, Samir Desai wrote:
>access		to dn=".*,ou=Development,o=ZoomTown.com,c=US" attr=uid,userpassword
>		by self write
>		by dn="cn=root,ou=Development,o=ZoomTown.com,c=US" write
>		by * compare
>
>access		to dn=".*,ou=Development,o=ZoomTown.com,c=US"
>		by self write
>		by dn="cn=root,ou=Development,o=ZoomTown.com,c=US" write
>		by * search
>
>& conduct an ldapsearch as,
>
>ldapsearch -b "ou=Development,o=ZoomTown.com,c=US" -D "cn=Samir 
>Desai,ou=Development,o=ZoomTown.com,c=US" -w "samir" objectclass=*
>
>it only displays the record of objectclass organizationalUnit & the record 
>of "Samir Desai".  It does not display any other records.
>
>would anyone happen to know why it behaves in such a fashion?

Because you didn't grant read access to those entries and their
attributes.  "search" access controls which entries can be examined
during the operation, "read" access controls what can be returned.

Kurt

References:
- Access-Control
  - From: "Samir Desai" <samirmdesai@hotmail.com>

Prev by Date: Re: Access-Control
Next by Date: Re: Access-Control
Index(es):
- Chronological
- Thread