[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL

To: "Fabrice Nouet" <f_nouet@hotmail.com>
Subject: Re: ACL
From: "Kurt D. Zeilenga" <kurt@boolean.net>
Date: Wed, 01 Dec 1999 07:07:04 -0800
Cc: openldap-software@OpenLDAP.org
In-reply-to: <19991201144540.27367.qmail@hotmail.com>

Order of access directives (and by clauses with them) matters...
your first ACL matches everything under and including o=Right Vision.
The second ACL attempts to match userPassword under what's already been controlled.  Swap the order.

	Kurt

At 03:45 PM 12/1/99 CET, Fabrice Nouet wrote:
>Hello All,
>
>I still have a problem with ACL:
>My first line is:
>access to dn=".*o=Right Vision" by dn="cn=Fabrice,ou=Admin,o=Right Vision" 
>write
>My second line is:
>access to dn=".*ou=User,o=Right vision" attr=userpassword
>by dn="cn=Thierry,ou=Admin,o=Right Vision" read by * none
>
>I am waiting for the following result:
>- Fabrice has all access to write to all my openLdap base
>- Thierry can read all entries below ou=User,o=Right Vision
>- The other users read all entries but not the userpassword attribut below 
>ou=User,o=Right Vision
>
>The second line (ACI) is not functionning, but when I delete my first line 
>(without the Fabrice's access) it is well functionning.
>
>I do not understand what is wrong in my slapd.conf ?
>
>Could someone help me to resolve this problem ?
>Thanks in advance,
>Fabrice
>
>______________________________________________________
>Get Your Private, Free Email at http://www.hotmail.com
>
>

----
Kurt D. Zeilenga		<kurt@boolean.net>
Net Boolean Incorporated	<http://www.boolean.net/>

References:
- ACL
  - From: "Fabrice Nouet" <f_nouet@hotmail.com>

Prev by Date: help needed in referral
Next by Date: Re: ACL
Index(es):
- Chronological
- Thread