[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: help with ACL

To: Giri Raichur <gzzr@lanl.gov>
Subject: Re: help with ACL
From: "Kurt D. Zeilenga" <kurt@boolean.net>
Date: Mon, 25 Oct 1999 15:46:07 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <3814D5F9.9B57EC25@lanl.gov>

At 04:13 PM 10/25/99 -0600, Giri Raichur wrote:
>1. Disable anonymous access (NULL bind entry)

Set default access to none and add:
	by dn="" none

as the first who clause to every access directive.

>2. allow only authorized users to view cn=config and cn=monitor

	access to dn="^cn=(config|monitor)$" by
		by dn=".+" read
		by * none

You can replace ".+" will a regular expression which matches
the normalized DN of authorized users.  

See also: http://www.openldap.org/software/man.cgi?query=re_format

	Kurt

----
Kurt D. Zeilenga		<kurt@boolean.net>
Net Boolean Incorporated	<http://www.boolean.net/>

Follow-Ups:
- Re: help with ACL
  - From: Giridhar Raichur <gzzr@lanl.gov>

References:
- help with ACL
  - From: Giri Raichur <gzzr@lanl.gov>

Prev by Date: numerical rather than lexicographical comparisons with <= and >= filters?
Next by Date: Re: numerical rather than lexicographical comparisons with <= and >= filters?
Index(es):
- Chronological
- Thread