
Re: ACL



Order of access directives (and by clauses with them) matters...
your first ACL matches everything under and including o=Right Vision.
The second ACL attempts to match userPassword under what's already been controlled.  Swap the order.

	Kurt

At 03:45 PM 12/1/99 CET, Fabrice Nouet wrote:
>Hello All,
>
>I still have a problem with ACL:
>My first line is:
>access to dn=".*o=Right Vision" by dn="cn=Fabrice,ou=Admin,o=Right Vision" write
>My second line is:
>access to dn=".*ou=User,o=Right vision" attr=userpassword
>by dn="cn=Thierry,ou=Admin,o=Right Vision" read by * none
>
>I am waiting for the following result:
>- Fabrice has all access to write to all my openLdap base
>- Thierry can read all entries below ou=User,o=Right Vision
>- The other users read all entries but not the userpassword attribute below 
>ou=User,o=Right Vision
>
>The second line (ACI) is not functioning, but when I delete my first line 
>(without the Fabrice's access) it is well functioning.
>
>I do not understand what is wrong in my slapd.conf ?
>
>Could someone help me to resolve this problem ?
>Thanks in advance,
>Fabrice
>

----
Kurt D. Zeilenga		<kurt@boolean.net>
Net Boolean Incorporated	<http://www.boolean.net/>
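
Added example, not part of the original messages and not slapd code: a small Python model of first-match evaluation applied to the two directives from the thread, in the original order and in the swapped order. The sample entry and the user "Bob" are constructed; case-insensitive DN matching and exact-DN by clauses are assumptions of the model, and what the server does when no by clause matches is not modelled.

```python
import re

# The two directives from the thread: (label, DN regex, attrs, by clauses).
# attrs=None means the directive covers every attribute of a matching entry.
ACL_ALL = ("all", r".*o=Right Vision", None,
           [("cn=Fabrice,ou=Admin,o=Right Vision", "write")])
ACL_PW = ("password", r".*ou=User,o=Right vision", {"userpassword"},
          [("cn=Thierry,ou=Admin,o=Right Vision", "read"), ("*", "none")])

ORIGINAL = [ACL_ALL, ACL_PW]   # order in the question
SWAPPED = [ACL_PW, ACL_ALL]    # order after the suggested swap

def evaluate(acls, entry_dn, attr, requester_dn):
    """Return (label of the directive that decides, access level it grants)."""
    for label, dn_re, attrs, by_clauses in acls:
        # Assumption: DN regexes are matched case-insensitively.
        if not re.search(dn_re, entry_dn, re.IGNORECASE):
            continue
        if attrs is not None and attr.lower() not in attrs:
            continue
        # First matching directive decides; later directives are never consulted.
        for who, level in by_clauses:
            # Simplification: <who> is "*" or an exact DN, not a regex.
            if who == "*" or who.lower() == requester_dn.lower():
                return label, level
        return label, None  # no by clause matched; server fallback not modelled
    return None, None       # no directive matched at all

# Constructed sample entry and requesters.
ENTRY = "cn=Alice,ou=User,o=Right Vision"
FABRICE = "cn=Fabrice,ou=Admin,o=Right Vision"
THIERRY = "cn=Thierry,ou=Admin,o=Right Vision"
OTHER = "cn=Bob,ou=User,o=Right Vision"

if __name__ == "__main__":
    for name, acls in (("original", ORIGINAL), ("swapped", SWAPPED)):
        for who in (FABRICE, THIERRY, OTHER):
            for attr in ("cn", "userPassword"):
                print(name, who.split(",")[0], attr, evaluate(acls, ENTRY, attr, who))
```

In the swapped order, Fabrice's request for userPassword under ou=User is also decided by the narrower directive and lands on `by * none`, so that directive needs its own by clause for Fabrice if he is to keep write access there.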