[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ACL
Order of access directives (and by clauses with them) matters...
your first ACL matches everything under and including o=Right Vision.
The second ACL attempts to match userPassword under what's already been controlled. Swap the order.
Kurt
At 03:45 PM 12/1/99 CET, Fabrice Nouet wrote:
>Hello All,
>
>I still have a problem with ACL:
>My first line is:
>access to dn=".*o=Right Vision" by dn="cn=Fabrice,ou=Admin,o=Right Vision"
>write
>My second line is:
>access to dn=".*ou=User,o=Right vision" attr=userpassword
>by dn="cn=Thierry,ou=Admin,o=Right Vision" read by * none
>
>I am waiting for the following result:
>- Fabrice has all access to write to all my openLdap base
>- Thierry can read all entries below ou=User,o=Right Vision
>- The other users read all entries but not the userpassword attribut below
>ou=User,o=Right Vision
>
>The second line (ACI) is not functionning, but when I delete my first line
>(without the Fabrice's access) it is well functionning.
>
>I do not understand what is wrong in my slapd.conf ?
>
>Could someone help me to resolve this problem ?
>Thanks in advance,
>Fabrice
>
>______________________________________________________
>Get Your Private, Free Email at http://www.hotmail.com
>
>
----
Kurt D. Zeilenga <kurt@boolean.net>
Net Boolean Incorporated <http://www.boolean.net/>
- References:
- ACL
- From: "Fabrice Nouet" <f_nouet@hotmail.com>