Problems with ACL
Hello!
Sorry, I don't understand the access control result.
I want to: Make cn and mail world search- and readable, as I
hoped to define in line 26 (access to attr=cn,mail by self write
by * read). Everything else at least partly restricted.
I get the messages below. This means, I don't get any result
when binding anonymously and searching for cn=*marian*
Can anybody explain to me what happens and what I am doing
wrong?
Thanks a lot!
Marian
line 14 (defaultaccess none)
line 18 (access to attr=matrikelnr by self read by * none)
ACL: access to
attrs=matrikelnr
by dn=self
by dn=.*
line 22 (access to attr=userpassword by self write by * none)
ACL: access to
attrs=userpassword
by dn=self
by dn=.*
line 26 (access to attr=cn,mail by self write by * read)
ACL: access to
attrs=cn,mail
by dn=self
by dn=.*
line 31 (access to * by self write by dn=".+" read by * none)
ACL: access to dn=.*
by dn=self
by dn=.+
by dn=.*
line 37 (database ldbm)
line 39 (suffix "ou=Design, o=Fachhochschule Koeln,
c=DE")
line 41 (directory /usr/local/ldap)
line 43 (index cn,sn,givenname,uid)
line 45 (rootdn "cn=root, ou=Design, o=Fachhochschule
Koeln, c=DE")
line 47 (rootpw *****)
line 49 (updatedn "cn=root, ou=Design, o=Fachhochschule
Koeln, c=DE")
slapd starting
conn=0 fd=7 connection from localhost (127.0.0.1) accepted.
conn=0 op=0 BIND dn="" method=128
conn=0 op=0 RESULT err=0 tag=97 nentries=0
conn=0 op=1 SRCH base="OU=DESIGN,O=FACHHOCHSCHULE KOELN,C=DE"
scope=2 filter="(cn=*MARIAN*)"
=> access_allowed: entry (uid=marian, ou=Design,
o=Fachhochschule Koeln, c=DE) attr (cn)
=> acl_get: entry (uid=marian, ou=Design, o=Fachhochschule
Koeln, c=DE) attr (cn)
<= acl_get: [3] global acl uid=marian, ou=Design,
o=Fachhochschule Koeln, c=DE attr: cn
=> acl_access_allowed: search access to entry "uid=marian,
ou=Design, o=Fachhochschule Koeln, c=DE"
=> acl_access_allowed: search access to value "any" by ""
<= acl_access_allowed: matched by clause #2 access granted
=> access_allowed: exit (uid=marian, ou=Design, o=Fachhochschule
Koeln, c=DE) attr (cn)
=> access_allowed: entry (uid=marian, ou=Design,
o=Fachhochschule Koeln, c=DE) attr (entry)
=> acl_get: entry (uid=marian, ou=Design, o=Fachhochschule
Koeln, c=DE) attr (entry)
<= acl_get: [4] global acl uid=marian, ou=Design,
o=Fachhochschule Koeln, c=DE attr: entry
=> acl_access_allowed: read access to entry "uid=marian,
ou=Design, o=Fachhochschule Koeln, c=DE"
=> acl_access_allowed: read access to value "any" by ""
<= acl_access_allowed: matched by clause #3 access denied
=> access_allowed: exit (uid=marian, ou=Design, o=Fachhochschule
Koeln, c=DE) attr (entry)
acl: access to entry not allowed
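
Added example, not part of Marian's post: a small parser for the ACL debug trace above that reports which ACL and which "by" clause decided each access check. The ACLS table is transcribed from the config lines in the post and assumes the [n] printed by acl_get counts the "access to" directives in file order, which is consistent with the clause numbers in the trace; the function names are hypothetical.

```python
import re

# The four "access to" directives from the slapd.conf in the post, in file order.
# Assumption: the [n] printed by acl_get counts them in that order.
ACLS = {
    1: ["by self read", "by * none"],                      # attr=matrikelnr
    2: ["by self write", "by * none"],                     # attr=userpassword
    3: ["by self write", "by * read"],                     # attr=cn,mail
    4: ["by self write", 'by dn=".+" read', "by * none"],  # *
}

# Trace lines copied from the post, still wrapped the way the mail left them.
TRACE = """\
<= acl_get: [3] global acl uid=marian, ou=Design,
o=Fachhochschule Koeln, c=DE attr: cn
=> acl_access_allowed: search access to entry "uid=marian,
ou=Design, o=Fachhochschule Koeln, c=DE"
<= acl_access_allowed: matched by clause #2 access granted
<= acl_get: [4] global acl uid=marian, ou=Design,
o=Fachhochschule Koeln, c=DE attr: entry
=> acl_access_allowed: read access to entry "uid=marian,
ou=Design, o=Fachhochschule Koeln, c=DE"
<= acl_access_allowed: matched by clause #3 access denied
"""

CHECK = re.compile(
    r"<= acl_get: \[(?P<acl>\d+)\] global acl (?P<dn>.+?) attr: (?P<attr>\S+) "
    r"=> acl_access_allowed: (?P<level>\w+) access to entry .*?"
    r"<= acl_access_allowed: matched by clause #(?P<clause>\d+) "
    r"access (?P<result>granted|denied)"
)

def parse_checks(trace):
    """Return one dict per ACL decision found in a slapd ACL debug trace."""
    flat = " ".join(trace.split())  # undo mail line wrapping
    checks = []
    for m in CHECK.finditer(flat):
        c = m.groupdict()
        c["acl"], c["clause"] = int(c["acl"]), int(c["clause"])
        c["by"] = ACLS[c["acl"]][c["clause"] - 1]  # clause numbers are 1-based
        checks.append(c)
    return checks

def denials(trace):
    """Return only the checks that ended in 'access denied'."""
    return [c for c in parse_checks(trace) if c["result"] == "denied"]

if __name__ == "__main__":
    for c in parse_checks(TRACE):
        print(f'{c["level"]:6} {c["attr"]:6} ACL [{c["acl"]}] '
              f'clause #{c["clause"]} ({c["by"]}): {c["result"]}')
```

On the trace in the post this shows the search check on cn granted by ACL [3] clause #2 (by * read), and the read check on the "entry" pseudo-attribute denied by ACL [4] clause #3 (by * none).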