
Access Control

Hi, 

I've been trying to figure out what I did wrong for several days. I am
quite exhausted now. I am learning how to write the access control using
ldif. I checked out the archive and also checked every single statement I
wrote. Apparently, none of the oci I wrote works. Would anybody give me a
hint about my errors and how to fix them? Thanks a bunch! (Below is my ldif
file.)

Regards, Audy

-------------------------------------------------------------------
dn: o=hybrithms.com
objectclass: 	top
objectclass: 	organization
o: 		hybrithms.com
oci:		(target = "ldap:///o=hybrithms.com";)
		(targetattr = "userPassword || aci" )
		(	version 2.0; 
			acl "Read access for everyone";
			allow(compare)
			(userdn = "ldap:///anyone";); )

dn: ou=People,o=hybrithms.com
objectclass: 	top
objectclass: 	organizationalUnit
ou: 		People
oci:		(target = "ldap:///ou=People,o=hybrithms.com";)
		(targetattr = "*")
		(	version 2.0;
			acl "Write access for Directory Admin";
			allow(write)
			(groupdn = "cn=Directory Admin,ou=Groups,o=hybrithms.com"); )
oci:		(target = "ldap:///ou=People,o=hybrithms.com";)
		(targetattr != "userPassword || sn || cn || givenname")
		(	version 2.0;
			acl "Write access for valid individual";
			allow(write)
			(userdn = "ldap:///self";); )

dn: ou=Groups,o=hybrithms.com
objectclass:	top
objectclass:	organizationalUnit
ou:		Groups

dn: uid=audys,ou=People,o=hybrithms.com
objectclass:	top
objectclass: 	Person
objectclass:	organizationalPerson
objectclass:	inetOrgPerson
o: 		hybrithms.com
ou: 		People
uid: 		audys
cn: 		Audy Sunarya
givenname:	Audy
sn: 		Sunarya
mail: 		audy@hybrithms.com
userPassword: 	audy

dn: uid=vbrayman,ou=People,o=hybrithms.com
objectclass:	top
objectclass: 	Person
objectclass:	organizationalPerson
objectclass:	inetOrgPerson
uid: 		vbrayman
ou: 		People
o: 		hybrithms.com
cn: 		Vladimir Brayman
givenname:	Vladimir
sn: 		Brayman
mail: 		vbrayman@hybrithms.com
userPassword:	vladimir

dn: cn=Directory Admin,ou=Groups,o=hybrithms.com
objectclass:	top
objectclass:	groupOfUniqueNames
cn:		Directory Admin
ou:		Groups
uniqueMember:	uid=audys,ou=People,o=hybrithms.com
uniqueMember:	uid=vbrayman,ou=People,o=hybrithms.com
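A checker for the LDIF above, added here as an example; it is not part of Audy's post and not tooling from any directory server. It assumes the server expects Netscape/iPlanet-style ACIs (stored in the aci attribute, with userdn/groupdn/roledn values written as ldap:/// URLs) and RFC 2849 LDIF folding, where a continuation line starts with exactly one space, so a tab-indented line is not a fold. SAMPLE_LDIF is a constructed, trimmed copy of the first two entries of the post with their tab indentation kept; FIXED_LDIF is a constructed corrected version of the ou=People entry. The version 2.0 number is carried over unchanged and the checker only tests that a version clause is present. Besides the syntax points, check_aci flags one least-privilege concern visible in the first entry: an allow right on userPassword granted to ldap:///anyone.

```python
import re

# Added example, not code from the original post. Assumes Netscape-style ACIs
# (attribute "aci", bind-rule DNs as ldap:/// URLs) and RFC 2849 line folding.
ATTR_RE = re.compile(r"^([A-Za-z][A-Za-z0-9;-]*):(.*)$")
BIND_DN_RE = re.compile(r'\b(userdn|groupdn|roledn)\s*=\s*"([^"]*)"', re.I)
TARGETATTR_RE = re.compile(r'targetattr\s*(!?=)\s*"([^"]*)"', re.I)
RIGHTS_RE = re.compile(r"\b(allow|deny)\s*\(([^)]*)\)", re.I)
ANYONE = "ldap:///anyone"

# Constructed sample: a trimmed copy of the post's first two entries, keeping
# its tab-indented continuation lines.
SAMPLE_LDIF = "\n".join([
    "dn: o=hybrithms.com",
    'oci:\t\t(target = "ldap:///o=hybrithms.com";)',
    '\t\t(targetattr = "userPassword || aci" )',
    "\t\t(\tversion 2.0; ",
    '\t\t\tacl "Read access for everyone";',
    "\t\t\tallow(compare)",
    '\t\t\t(userdn = "ldap:///anyone";); )',
    "",
    "dn: ou=People,o=hybrithms.com",
    'oci:\t\t(target = "ldap:///ou=People,o=hybrithms.com";)',
    '\t\t(targetattr = "*")',
    "\t\t(\tversion 2.0;",
    '\t\t\tacl "Write access for Directory Admin";',
    "\t\t\tallow(write)",
    '\t\t\t(groupdn = "cn=Directory Admin,ou=Groups,o=hybrithms.com"); )',
])
# Constructed corrected entry: space folding, "aci" attribute, ldap:/// group URL.
FIXED_LDIF = "\n".join([
    "dn: ou=People,o=hybrithms.com",
    'aci: (target = "ldap:///ou=People,o=hybrithms.com")',
    ' (targetattr = "*")',
    ' (version 2.0; acl "Write access for Directory Admin";',
    " allow (write)",
    ' groupdn = "ldap:///cn=Directory Admin,ou=Groups,o=hybrithms.com";)',
])

def parse(text):
    """Lenient LDIF parse: return ([{"dn", "attrs": [(name, value)]}], issues)."""
    lines, issues, tabs = [], [], []
    for n, raw in enumerate(text.splitlines(), 1):
        if raw.startswith(" ") and lines:       # RFC 2849 fold: drop the one space
            lines[-1][1] += raw[1:]
        elif raw.startswith("\t") and lines:    # not a fold; record it, join anyway
            tabs.append(n)
            lines[-1][1] += raw.lstrip()
        else:
            lines.append([n, raw])
    if tabs:
        issues.append(f"lines {tabs}: continuation lines begin with a tab, not one space")
    entries, cur = [], None
    for n, line in lines:
        if not line.strip():
            continue                            # blank separator between entries
        m = ATTR_RE.match(line)
        if not m:
            issues.append(f"line {n}: not an attribute line: {line[:40]!r}")
        elif m.group(1).lower() == "dn":
            cur = {"dn": m.group(2).strip(), "attrs": []}
            entries.append(cur)
        elif cur is not None:
            cur["attrs"].append((m.group(1), m.group(2).strip()))
    return entries, issues

def check_aci(value):
    """Structural and least-privilege checks on one ACI value; returns findings."""
    findings = []
    if value.count("(") != value.count(")"):
        findings.append("unbalanced parentheses")
    for kw, dn in BIND_DN_RE.findall(value):
        if not dn.lower().startswith("ldap:///"):
            findings.append(f'{kw} value "{dn}" must be an ldap:/// URL')
    for pat, what in ((r"version\s+[\d.]+\s*;", "version N;"), (r'\bacl\s+"[^"]*"\s*;', 'acl "name";')):
        if not re.search(pat, value):
            findings.append(f"missing {what} clause")
    ta, rights = TARGETATTR_RE.search(value), RIGHTS_RE.search(value)
    if ta and rights and ta.group(1) == "=" and rights.group(1).lower() == "allow":
        attrs = {a.strip().lower() for a in ta.group(2).split("||")}
        if attrs & {"userpassword", "*"} and ANYONE in value.lower():
            findings.append(f"allow ({rights.group(2).strip()}) on userPassword for {ANYONE}: "
                            "any unauthenticated client can test candidate passwords; "
                            "scope the right to specific bind DNs")
    return findings

def lint(text):
    """Return every finding for an LDIF document as a list of strings."""
    entries, issues = parse(text)
    for e in entries:
        names = {n.lower() for n, _ in e["attrs"]}
        if "oci" in names and "aci" not in names:
            issues.append(f'{e["dn"]}: "oci" is not the ACI attribute; Netscape-style ACIs live in "aci"')
        for name, value in e["attrs"]:
            if name.lower() in ("aci", "oci"):
                issues.extend(f'{e["dn"]}: {f}' for f in check_aci(value))
    return issues
```

Calling lint(SAMPLE_LDIF) reports the tab-folded lines, the oci attribute name on both entries, the groupdn value that lacks the ldap:/// prefix, and the anonymous compare right on userPassword; lint(FIXED_LDIF) returns an empty list. Whether a given server release accepts version 2.0 is outside what this checker can tell.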