[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACI problems...



At 04:07 AM 6/18/00 -0700, Ovanes Manucharyan wrote:
>Can someone tell me what I'm doing wrong here..

Please note that there are numerous examples and explanations
in the archives and faq, please review them.

>I want anonymous users only to have read access to the ou=ABC, o=ORG 
>subtree and nothing else, like ou=DEF o=ORG, or ou=GHI, o=ORG.

And I assume authenticated users can read anything (excepting
userpassword) anywhere

defaultaccess none

# userpassword: self write, everyone (anonymous+authenticated) none
access to attr=userpassword
	by self write
	by * none

# o=ABC,o=ORG subtree: self write, everyone (anonymous+authenticated) read
access to dn=".*ou=ABC,o=ORG"
	by self write
	by * read

# everywhere else, self write, anonymous none, authenticated read
access to *
	by self write
	by dn="^$$" none
	by * read