[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access list

To: pssara@auth.gr
Subject: Re: Access list
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Mon, 11 Sep 2000 10:31:36 -0700
Cc: "'openldap-software@OpenLDAP.org'" <openldap-software@OpenLDAP.org>
In-reply-to: <39BCF5B8.C2DD0E93@auth.gr>

At 06:09 PM 9/11/00 +0300, P.S.Saragiotis wrote:
>Is there a comprehensive guide to access lists ?

Not yet, for now rely on:
        Admin Guide (http://www.openldap.org/doc/admin/)

Note that tests/data/*.conf files demonstrate some additional ACL
usage.  Also, there is some additional information available in
this Developer's FAQ answer:
        http://www.openldap.org/faq/index.cgi?file=447

>I could not find anyware how to use a form of ANDed rules.

If the <what> or <who> statement includes multiple clauses, all
clauses must match for the access to apply.  That is, the statement
is evaluated using the AND of the clauses.

        access to filter=(objectClass=person) attrs=userPassword
                by self peername="IP:127\.0\.0\.1" write

To userPassword contained with person objects, grants self write
when peername is IP:127.0.0.0.1 else none.

>I need to permit write access
>only to a specific group when it binds from a specif ip. Can anyone help
>?

References:
- Access list
  - From: "P.S.Saragiotis" <pssara@auth.gr>

Prev by Date: set_cachesize
Next by Date: Re: set_cachesize
Index(es):
- Chronological
- Thread