[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACI problems...

To: Ovanes Manucharyan <olm@csun.edu>
Subject: Re: ACI problems...
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Sun, 18 Jun 2000 07:59:01 -0700
Cc: openldap-software@OpenLDAP.org
In-reply-to: <SIMEON.10006180424.D@yerevan.csun.edu>

At 04:07 AM 6/18/00 -0700, Ovanes Manucharyan wrote:
>Can someone tell me what I'm doing wrong here..

Please note that there are numerous examples and explanations
in the archives and faq, please review them.

>I want anonymous users only to have read access to the ou=ABC, o=ORG 
>subtree and nothing else, like ou=DEF o=ORG, or ou=GHI, o=ORG.

And I assume authenticated users can read anything (excepting
userpassword) anywhere

defaultaccess none

# userpassword: self write, everyone (anonymous+authenticated) none
access to attr=userpassword
	by self write
	by * none

# o=ABC,o=ORG subtree: self write, everyone (anonymous+authenticated) read
access to dn=".*ou=ABC,o=ORG"
	by self write
	by * read

# everywhere else, self write, anonymous none, authenticated read
access to *
	by self write
	by dn="^$$" none
	by * read

References:
- ACI problems...
  - From: Ovanes Manucharyan <olm@csun.edu>

Prev by Date: ACI problems...
Next by Date: Re: ACL assistance needed ...
Index(es):
- Chronological
- Thread