[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: attribute acl hardships

To: "Fox" <lds0062@cdc.net>
Subject: Re: attribute acl hardships
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Wed, 29 Aug 2001 12:47:34 -0700
Cc: <openldap-software@OpenLDAP.org>
In-reply-to: <2968896.999113505791.JavaMail.SYSTEM@ranier>
References: <53A29CF72629D511B5C600B0D0AB7085081A62@PALM>

At 12:31 PM 2001-08-29, Fox wrote:
>Any time I try to grant access to specific attributes in the second access
>statement, it does not work, as in a search by cn returns no results.  Is it
>matching my user as anonymous in the first statement and ignoring the second
>access statement?
>
>If I change the second statement to access to *, I can access all
>attributes, but that is not what I want.  I am running OpenLDAP 2.0.11.
>
>access to attr=userPassword
>    by anonymous auth
>    by dn="cn=Manager,dc=mckee,dc=com" write
>access to attr=cn
>    by users read

You did not grant permission to read any entries.  Replace
last ACL with:

access to attrs=cn,entry
        by users read

Kurt

References:
- RE: authentication
  - From: "oberwetter, josh" <joberwetter@grownetwork.com>
- attribute acl hardships
  - From: "Fox" <lds0062@cdc.net>

Prev by Date: Re: object schema ??
Next by Date: TLS/SSL some questions...
Index(es):
- Chronological
- Thread