Re: access
At 12:10 PM 1/24/00 -0500, squeegy+ldap@squeegy.org wrote:
>I am trying the below which incorporates the changes you suggested. I am still able
>to read anonymously.
>
>access to dn=".*,dc=amsite,dc=com" by dnattr=owner write
This rule is the same as:
access to dn=".*,dc=amsite,dc=com"
        by dnattr=owner write
        by * default
where default is your default access (which I suspect is "read").
Assuming you are accessing some entry under "dc=amsite,dc=com",
then the other rules don't matter, as this rule applies.
# only allow owner to change owner attribute values, might
# be better to disallow owner write of owner value.
# all others (anon included) may read the owner attribute but not write it
access to attr=owner
        by dnattr=owner write
        by * read

# allow anon read of DNs
access to attr=entry
        by self write
        by dnattr=owner write
        by dn=".+" read
        by * read

# allow anon search (but not read)
access to attr=cn,givenName,sn,uid
        by self write
        by dnattr=owner write
        by dn=".+" read
        by * search

# deny non-self including anon
access to attr=userpassword
        by self write
        by dnattr=owner write
        by * none

# deny anon access
access to *
        by self write
        by dnattr=owner write
        by dn=".+" read
        by * none
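To make the evaluation order concrete, here is an added Python model of slapd ACL evaluation (not code from the post or from OpenLDAP) with the poster's single rule and the reply's rule set transcribed as data. It assumes an anonymous bind carries the empty DN, treats dn= patterns as unanchored regular expressions, and follows the reply's description that a matched clause with no matching 'by' falls back to the default access (assumed "read"); slapd.access(5) is authoritative for the release you run. The sample entry and DNs are constructed.

```python
import re

LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # a grant satisfies any level at or below it

def target_matches(target, entry_dn, attr):
    """<what> of an 'access to' clause: '*', dn="<regex>" (unanchored search) or attr=<list>."""
    kind, _, value = target.partition("=")
    if kind == "dn":
        return re.search(value.strip('"'), entry_dn) is not None
    if kind == "attr":
        return attr.lower() in [a.strip().lower() for a in value.split(",")]
    return target == "*"

def who_matches(who, entry_dn, entry, bind_dn):
    """<who> of a 'by' clause; an anonymous bind carries the empty DN (assumption of this model)."""
    kind, _, value = who.partition("=")
    if who == "self":
        return bind_dn != "" and bind_dn == entry_dn
    if kind == "dnattr":  # bind DN must be a value of that attribute of the target entry
        return bind_dn != "" and bind_dn in entry.get(value, [])
    if kind == "dn":  # regex on the bind DN; ".+" never matches the empty (anonymous) DN
        return re.search(value.strip('"'), bind_dn) is not None
    return who == "*"  # everyone, anonymous included

def access_allowed(acl, entry_dn, entry, attr, bind_dn, requested, default="read"):
    """The first 'access to' clause whose <what> matches decides, via its first matching 'by'.
    No matching 'by' (or no matching clause) gives the default: the reply's implicit 'by * default'."""
    for target, by_clauses in acl:
        if target_matches(target, entry_dn, attr):
            for who, level in by_clauses:
                if who_matches(who, entry_dn, entry, bind_dn):
                    return LEVELS.index(level) >= LEVELS.index(requested)
            break
    return LEVELS.index(default) >= LEVELS.index(requested)

# The poster's single rule and the reply's rule set, transcribed as data.
ORIGINAL = [('dn=".*,dc=amsite,dc=com"', [("dnattr=owner", "write")])]
REPLY = [
    ("attr=owner", [("dnattr=owner", "write"), ("*", "read")]),
    ("attr=entry", [("self", "write"), ("dnattr=owner", "write"), ('dn=".+"', "read"), ("*", "read")]),
    ("attr=cn,givenName,sn,uid", [("self", "write"), ("dnattr=owner", "write"), ('dn=".+"', "read"), ("*", "search")]),
    ("attr=userpassword", [("self", "write"), ("dnattr=owner", "write"), ("*", "none")]),
    ("*", [("self", "write"), ("dnattr=owner", "write"), ('dn=".+"', "read"), ("*", "none")]),
]

# Constructed sample entry: bob is listed as alice's owner; carol is just another authenticated user.
ALICE_DN = "uid=alice,ou=people,dc=amsite,dc=com"
ALICE = {"owner": ["uid=bob,ou=people,dc=amsite,dc=com"], "userPassword": ["{SSHA}constructed"]}
BOB_DN, CAROL_DN, ANON = ALICE["owner"][0], "uid=carol,ou=people,dc=amsite,dc=com", ""
```

Calling access_allowed(ORIGINAL, ALICE_DN, ALICE, "userPassword", ANON, "read") returns True, reproducing the anonymous read the poster saw, while the same call against REPLY returns False because the attr=userpassword clause ends in an explicit "by * none".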
References:
- Re: access, from "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>