
Re: Access list



At 06:09 PM 9/11/00 +0300, P.S.Saragiotis wrote:
>Is there a comprehensive guide to access lists ?

Not yet, for now rely on:
        Admin Guide (http://www.openldap.org/doc/admin/)

Note that tests/data/*.conf files demonstrate some additional ACL
usage.  Also, there is some additional information available in
this Developer's FAQ answer:
        http://www.openldap.org/faq/index.cgi?file=447

>I could not find anywhere how to use a form of ANDed rules.

If the <what> or <who> statement includes multiple clauses, all
clauses must match for the access to apply.  That is, the statement
is evaluated using the AND of the clauses.

        access to filter=(objectClass=person) attrs=userPassword
                by self peername="IP:127\.0\.0\.1" write

To userPassword contained within person objects, grants self write
when peername is IP:127.0.0.1, else none.

>I need to permit write access
>only to a specific group when it binds from a specific IP. Can anyone help
>?
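
The AND evaluation described in the reply above, as an added example that is not part of the original message and is not slapd's code: a small Python model in which every clause set on a `by` line must match, the first matching line decides, and no match means none. The DNs, the group table, the 192.0.2.10 address and the whole-string match of the peername pattern are assumptions of this model.

```python
import re
from dataclasses import dataclass
from typing import Optional

@dataclass
class Request:                  # constructed sample input, not slapd's structures
    bind_dn: str                # identity the client bound as
    peername: str               # written "IP:<address>" as in the post
    target_dn: str              # entry being accessed

@dataclass
class By:
    """One 'by <who> <access>' line; every clause that is set must match."""
    access: str
    is_self: bool = False
    group: Optional[str] = None       # DN of a group entry
    peername: Optional[str] = None    # regular expression

# Constructed group membership: group DN -> member DNs.
GROUPS = {"cn=admins,dc=example,dc=com": {"uid=alice,dc=example,dc=com"}}

def who_matches(by: By, req: Request) -> bool:
    """AND of the clauses: any clause that is set and fails rejects the line."""
    if by.is_self and req.bind_dn != req.target_dn:
        return False
    if by.group is not None and req.bind_dn not in GROUPS.get(by.group, set()):
        return False
    # Model assumption: the pattern must match the whole peername string.
    if by.peername is not None and not re.fullmatch(by.peername, req.peername):
        return False
    return True

def evaluate(by_lines, req: Request) -> str:
    """First matching 'by' line wins; falling off the end yields 'none'."""
    for by in by_lines:
        if who_matches(by, req):
            return by.access
    return "none"

# The rule from the reply: self AND peername -> write.
PAGE_RULE = [By("write", is_self=True, peername=r"IP:127\.0\.0\.1")]
# The rule the question asks for: group AND peername -> write.
GROUP_RULE = [By("write", group="cn=admins,dc=example,dc=com",
                 peername=r"IP:192\.0\.2\.10")]
```

In this model a group member connecting from any other address, and a non-member connecting from the listed address, both fall through to none.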