Re: help with ACL
At 09:15 AM 10/26/99 -0600, Giri Raichur wrote:
>"Kurt D. Zeilenga" wrote:
>
>> At 10:38 PM 10/25/99 -0600, Giridhar Raichur wrote:
>> >> >1. Disable anonymous access (NULL bind entry)
>> >>
>> >> Set default access to none and add:
>> >> by dn="" none
>> >
>> >I tried to do just that but that seems to prevent all searches.
>> >Here's what I have in my access list -
>> >
>> >defaultaccess none
>> >
>> >access to dn=".*, o=Los Alamos National Laboratory, c=US"
>> > by dn="" none
>> > by dn=".*, o=Los Alamos National Laboratory, c=US" read
>> > by * none
>>
>> s/, /,/g above so that the DN regex will be able to match the
>> normalized DNs of your entries.
>>
>
>I did what you suggested but with the same result. It works OK if I
>comment out "defaultaccess none" or when I make default access "read".

Sorry, I forgot that dn="" doesn't work in OpenLDAP 1.2.
Instead, you need to use dn="^$$" to match anonymous users.
(Yes, two $$). So,

access to dn=".*,o=Los Alamos National Laboratory,c=US"
 by dn="^$$" none
 by dn=".*,o=Los Alamos National Laboratory,c=US" read
 by * none

Kurt
----
Kurt D. Zeilenga <kurt@boolean.net>
Net Boolean Incorporated <http://www.boolean.net/>
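
Added example (not part of the original message and not slapd code): a small Python model of how the ACL in the reply above resolves for an anonymous bind, a bound lab user and an outside DN, and of why the ", " form of the pattern never applies to normalized DNs. The normalization rule, case-insensitive matching, the reading of "$$" as a single "$" anchor, and the sample DNs are assumptions made for illustration.

```python
import re

# ACL from the reply above; SPACED_ACL keeps the ", " of the earlier attempt.
ACL = '''
access to dn=".*,o=Los Alamos National Laboratory,c=US"
    by dn="^$$" none
    by dn=".*,o=Los Alamos National Laboratory,c=US" read
    by * none
'''
SPACED_ACL = ACL.replace(",o=", ", o=").replace(",c=", ", c=")

def normalize_dn(dn):
    """Assumed normalization: no whitespace around the commas between RDNs."""
    return ",".join(rdn.strip() for rdn in dn.split(","))

def to_regex(pattern):
    """Assumptions: "$$" in the file means one "$" anchor; matching ignores case."""
    return re.compile(pattern.replace("$$", "$"), re.IGNORECASE)

def parse_acl(text):
    """Return (target regex, [(who regex or None for "*", level), ...])."""
    target = re.search(r'access to dn="([^"]*)"', text).group(1)
    clauses = re.findall(r'by\s+(?:dn="([^"]*)"|(\*))\s+(\w+)', text)
    return to_regex(target), [
        (None if star else to_regex(who), level) for who, star, level in clauses
    ]

def access_level(acl_text, bind_dn, entry_dn, default="none"):
    """Level granted to bind_dn on entry_dn; default models defaultaccess."""
    target, clauses = parse_acl(acl_text)
    if not target.search(normalize_dn(entry_dn)):
        return default                  # ACL does not cover this entry
    for who, level in clauses:          # the first matching "by" clause decides
        if who is None or who.search(normalize_dn(bind_dn)):
            return level
    return "none"                       # not reached: this ACL ends in "by *"

if __name__ == "__main__":
    entry = "cn=Some User, o=Los Alamos National Laboratory, c=US"  # constructed
    for label, bind in [("anonymous", ""), ("lab user", entry),
                        ("outsider", "cn=Guest, o=Example, c=US")]:
        print(label, "->", access_level(ACL, bind, entry))
    print("spaced pattern, defaultaccess read ->",
          access_level(SPACED_ACL, "", entry, default="read"))
```

With the spaced pattern the access clause never covers the entry, so whatever defaultaccess is set to decides the result, including for anonymous binds.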