[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ACI
Hello,
On Fri, 26 Nov 1999 17:53:20 CET, "Fabrice Nouet" <f_nouet@hotmail.com> wrote:
>| I have a problem when I use two ACI:
>| In my slapd.conf I want to create two ACI
>|
>| access to dn=".*ou=System,o=RV" by "cn=Alan,ou=System,o=RV" write
>| access to dn=".*ou=System,o=RV" by "cn=Fabrice,ou=System,o=RV" write
>|
>| In only the first ACI is present I can create a new user with the Alan dn
>| In only the second ACI is present I can create a new user with the Fabrice
>| dn
>|
>| But I the two ACIs are present I cannot create a new user with the Fabrice
>| dn and I can create a user thnaks to the Alan dn
>|
The 1st ACL who's matching dn (and attributes) is used.
You'd better try:
access to dn=".*ou=System,o=RV"
by "cn=Alan,ou=System,o=RV" write
by "cn=Fabrice,ou=System,o=RV" write
Now, it take this ACL because the dn match and test if you are Alan (if yes, it give you write access), if not , it test
Fabrice. If you aren't Alan nor Fabrice, it take the default access specification.
If you try
access to dn=".*ou=System,o=RV"
by "cn=Alan,ou=System,o=RV" write
by "cn=Fabrice,ou=System,o=RV" write
by * none
If you are not Alan or Fabrice, you'll have no access to the specified dn, even if you add another ACL after.
Manuel
--
____________________________________________________________________
Manuel GUESDON - SOFTWARE BUILDERS <mguesdon@sbuilders.com>
http://www.sbuilders.com PGP Key Id: 12C3E391
PGP Signed/Encrypted mails prefered
- References:
- ACI
- From: "Fabrice Nouet" <f_nouet@hotmail.com>