Re: access priv help
Take another look at the examples in the admin guide:
http://www.openldap.org/doc/admin/slapdconfig.html#Access%20Control
You should notice that your line 'access to dn="ou=Employees,o=GBB,c=US"' is
not correct, you need wildcards, as in either:

    access to dn="(.*,)?dc=example,dc=com"

or, even easier, if you don't have varying levels of access under your
different OUs:

    access to *

The configuration file example at the link above sounds like *almost* what
you want to do.

> From: "Mike Coughlan" <mcoughlan@gothambroadband.com>
> Reply-To: <mcoughlan@gothambroadband.com>
> Date: Fri, 20 Apr 2001 17:45:33 -0400
> To: <OpenLDAP-software@OpenLDAP.org>
> Subject: access priv help
>
> Can someone please assist me on setting granular access privs? I've read
> the admin guide and searched the lists, but still need help.
>
> Versions
> Red Hat 6.2
> openldap-1.2.9-6
> openldap-devel-1.2.9-6
>
> I have a classic OrgUnit, ou=Employees,o=GBB,c=US. I would like to give
> everyone write permissions to self, read permissions on cn, username,
> telephonenumber etc. and no permissions on hometelephonenumber. Basically I
> would like some attributes private, most public, and authentication
> possible against attributes username & userpassword.
>
> If someone can mail me a similar slapd.conf as an example that would be
> great. Here was my attempt:
>
> access to dn="ou=Employees,o=GBB,c=US"
>     by dn="cn=Admin,o=GBB,c=US" write
>     by * search
>     by self write
>
> access to dn="ou=Employees,o=GBB,c=US"
>     attr=mail,telephonenumber,cn,username
>     by * read
>
>
>
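
Added example, not part of either message and not OpenLDAP code: a small Python model of slapd's documented first-match ACL evaluation (the first "access to" whose target matches is the only one consulted, and the first matching "by" clause inside it decides), run over the attempt above with the wildcard DN applied. The sample entries, the REORDERED rule set and the model's fallback of "none" are assumptions made for illustration; userpassword and bind handling are not modeled.

```python
import re

def who_matches(who, requester, entry_dn):
    if who == "*":
        return True
    if who == "self":
        return requester == entry_dn
    return who == requester  # model simplification: literal bind DN

def granted(rules, requester, entry_dn, attr):
    """Access level under first-match evaluation of `rules`."""
    for dn_regex, attrs, by_clauses in rules:
        if not re.search(dn_regex, entry_dn):
            continue
        if attrs is not None and attr not in attrs:
            continue
        # The first directive whose target matches is the only one consulted;
        # inside it, the first matching "by" clause decides.
        for who, level in by_clauses:
            if who_matches(who, requester, entry_dn):
                return level
        return "none"
    return "none"  # assumption of this model when no directive matches

TREE = r"(.*,)?ou=Employees,o=GBB,c=US"
ADMIN = "cn=Admin,o=GBB,c=US"
PUBLIC = {"mail", "telephonenumber", "cn", "username"}
ALICE = "cn=Alice,ou=Employees,o=GBB,c=US"  # constructed sample entries
BOB = "cn=Bob,ou=Employees,o=GBB,c=US"

# The attempt from the thread, same order, with the wildcard DN applied.
ATTEMPT = [
    (TREE, None, [(ADMIN, "write"), ("*", "search"), ("self", "write")]),
    (TREE, PUBLIC, [("*", "read")]),
]
# Reordered (hypothetical): narrow attribute rules first, "by *" last.
REORDERED = [
    (TREE, {"hometelephonenumber"}, [(ADMIN, "write"), ("self", "write"), ("*", "none")]),
    (TREE, PUBLIC, [(ADMIN, "write"), ("self", "write"), ("*", "read")]),
    (TREE, None, [(ADMIN, "write"), ("self", "write"), ("*", "search")]),
]

if __name__ == "__main__":
    for name, rules in (("attempt", ATTEMPT), ("reordered", REORDERED)):
        for who, attr in ((ALICE, "cn"), (BOB, "cn"), (BOB, "hometelephonenumber")):
            print(name, who, "->", attr, "on Alice:", granted(rules, who, ALICE, attr))
```

In the original order, "by * search" shadows "by self write" and the attribute-specific directive is never reached, so every non-admin requester gets search on every attribute, hometelephonenumber included.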