Re: help w/ ACL
I think the problem is that when the server processes the access to the entry
(o or cn entries), it finds that the target "*" is also valid for this access
("*" means all the entries). So, it tries to match the user connected with
one of the 'by' entries and, as any of these entries will match with a normal
user, it denies the access.
In order to avoid this you can use:
access to * attr=o,cn
    by * read
access to *
    by self write
    by anonymous auth
    by * read
You have to put first the attribute acl. I hope it helps.
Jorge
On Monday 15 October 2001 13:17, Dane Foster wrote:
> Hello. I'm having an ACL issue where I don't understand why it's not
> working and I'm hoping one of the ACL gurus can help me out. I'm at the point
> where I've simplified my ACL to the point where I think it should work but
> it does not. Basically I'm trying to have it where everyone except
> anonymous users can read the 'o' and 'cn' (if they apply) attributes of an
> entry.
>
> My global ACL definition is as follows:
> access to *
>     by self write
>     by anonymous auth
>
>
> My simplified database ACL is as follows:
> access to * attr=o,cn
>     by * read
>
> The database ACL doesn't achieve what I said in the first paragraph but it
> should allow any query to read the o and cn attributes; unfortunately, it
> doesn't work. If anyone knows the answer I would appreciate being
> enlightened. Thanx.
>
>
> Dane Foster
> Equity Technology Group, Inc
> http://www.equitytg.com.
> 954.360.9800
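
The first-match behaviour discussed in this thread, as an added example that is not part of either message and is not OpenLDAP code. It is a simplified model: each ACL is a hypothetical (attrs, by-clauses) tuple, the DN is constructed, and the "failing" order follows the reply's description of the catch-all target being consulted first.

```python
# Simplified model of slapd ACL evaluation (illustration only, not OpenLDAP code):
# the first "access to" clause whose target covers the attribute wins, then the
# first matching "by" clause inside it; if no "by" matches, access is denied.
LEVELS = ["none", "auth", "read", "write"]

def who_matches(who, requester, is_self):
    if who == "*":
        return True                       # everyone, anonymous included
    if who == "anonymous":
        return requester is None
    if who == "self":
        return requester is not None and is_self
    return False

def granted(acls, attr, requester, is_self=False):
    """Return the access level granted on one attribute of one entry."""
    for attrs, by_clauses in acls:
        if attrs is not None and attr not in attrs:
            continue                      # target does not cover this attribute
        for who, level in by_clauses:
            if who_matches(who, requester, is_self):
                return level
        return "none"                     # implicit "by * none"; later ACLs are not tried
    return "none"                         # no target matched at all

def can_read(acls, attr, requester, is_self=False):
    level = granted(acls, attr, requester, is_self)
    return LEVELS.index(level) >= LEVELS.index("read")

# attrs=None stands for "access to *" with no attr= restriction.
CATCH_ALL_ORIG = (None, [("self", "write"), ("anonymous", "auth")])
ATTR_ACL = ({"o", "cn"}, [("*", "read")])
CATCH_ALL_FIXED = (None, [("self", "write"), ("anonymous", "auth"), ("*", "read")])

failing = [CATCH_ALL_ORIG, ATTR_ACL]      # catch-all seen first, as the reply describes
fixed = [ATTR_ACL, CATCH_ALL_FIXED]       # ordering suggested in the reply

USER = "cn=alice,o=example"               # constructed DN of an authenticated user

if __name__ == "__main__":
    for name, acls in (("failing", failing), ("fixed", fixed)):
        for who in (USER, None):
            label = "user" if who else "anonymous"
            print(f"{name:8} {label:10} cn -> {granted(acls, 'cn', who)}")
```

In this model the suggested ordering also gives anonymous binds read access to o and cn, because `by * read` matches anonymous as well.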