[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd: access control



At 02:51 PM 7/21/00 +0200, Trapp, Michael wrote:
>hi,
>
>i've some problems with the access section in the slapd.conf file.
>
>...
>access to dn='uid=.*, ou=people, o=test' attrs=password
>        by dn='cn=rwpwd, ou=people, o=test" write
>access to dn='uid=.*, ou=people, o=test' attrs=password
>        by dn='cn=ropwd, ou=people, o=test" read
>...


If ever the first ACL matched, which it won't, the second would
never used as the first matched.  You need to:
        1) write regex which match normalized DN
        2) combine the by clauses

That is:

access to dn='uid=.*,ou=people,o=test' attrs=password
        by dn='cn=rwpwd,ou=people,o=test" write
        by dn='cn=ropwd,ou=people,o=test" read


See FAQ and archives for further discussion and archives.