
acl questions



Hello, I have some questions about access rules. I have installed
OpenLDAP 2.0.18 on Linux 6.x and configured it for the first time:
slapd.conf
------------------------------------
include         /usr/local/etc/openldap/slapd.at.conf
include         /usr/local/etc/openldap/slapd.oc.conf
schemacheck     off
#referral       ldap://root.openldap.org/

pidfile         /usr/local/var/slapd.pid
argsfile        /usr/local/var/slapd.args

#######################################################################
# ldbm database definitions
#######################################################################

database        ldbm
#suffix         "dc=my-domain, dc=ru"
suffix          "o=ccs, c=ru"
rootdn          "cn=admin, o=ccs, c=ru"
#rootdn         "cn=Manager, o=My Organization Name, c=US"
# cleartext passwords, especially for the rootdn, should
# be avoided.  See slapd.conf(5) for details.
rootpw          secret
# database directory
# this directory MUST exist prior to running slapd AND
# should only be accessible by the slapd/tools.  Mode 700 recommended.
index cn,sn,uid
index objectclass pres,eq
index default none
defaultaccess none
#first section
access to attr=userPassword
    by self write
    by dn="cn=admin,o=ccs,o=ru" write
    by * compare

#second section
access to *
#or access to dn="ou=personal,o=ccs,o=ru"
    by self write
    by dn="cn=admin,o=ccs,o=ru" write
    by * none


directory       /usr/local/var/openldap-ldbm
----------------------------------------------

base structure
----------------------------
o=ccs,o=ru  (1)
ou=personel (2)
   cn=vlad  (3)
     cn=first contact (4)
     cn=second contact (5)
    ........
----------------------------

The database was created and is operational under the 'admin' login (I
use a Java explorer/editor), and then ou=personal (2) was created.
This 'ou' contains a personal subtree for every user. One strange thing:
the line 'by self write' grants full access to the same user's subtree, and I can
create any units under their accounts (4,5). After reconnecting, the explorer
does not show the created subtree (4,5), but my 'folder' (3) contains the entries, and under
the 'admin' login it looks like that. Please help - where am I wrong?

vlad.
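Added example (not part of vlad's post): a small Python model of slapd's ACL evaluation run over the posted rules and tree, showing why a user bound as cn=vlad can write entry (3) but gets no access to the children (4,5) once they exist. It assumes, as a simplified model of OpenLDAP 2.0 behaviour, that the first matching 'access to' clause wins, that 'self' matches only the bound DN itself, and that adding a child needs write access to the parent entry; the DN strings are taken from the post.

```python
# Simplified model of slapd ACL evaluation (added example, not from the post).
# Rules: the first "access to" clause whose target matches is used; within it
# the first "by" clause whose subject matches decides; if no "by" matches,
# access is denied.  "self" matches only when the entry being accessed IS the
# bound DN, so a user's child entries are NOT "self" for that user.
# Note: the rootdn bypasses ACLs entirely, which is why everything is visible
# when bound as the rootdn.

def normalize(dn):
    """Lower-case a DN and drop spaces after commas so equivalent DNs compare equal."""
    return ",".join(part.strip().lower() for part in dn.split(","))

# The two ACL clauses transcribed from the posted slapd.conf.
ACLS = [
    {"attr": "userpassword",   # access to attr=userPassword
     "by": [("self", "write"), ("dn:cn=admin,o=ccs,o=ru", "write"), ("*", "compare")]},
    {"attr": None,             # access to *
     "by": [("self", "write"), ("dn:cn=admin,o=ccs,o=ru", "write"), ("*", "none")]},
]

def granted(bound_dn, target_dn, attr=None):
    """Access level bound_dn gets on attr of target_dn (the entry itself if attr is None)."""
    bound, target = normalize(bound_dn), normalize(target_dn)
    for clause in ACLS:
        if clause["attr"] is not None and clause["attr"] != (attr or "").lower():
            continue  # attribute-specific clause does not apply to this request
        for who, level in clause["by"]:
            if who == "*" or (who == "self" and bound == target) \
               or (who.startswith("dn:") and normalize(who[3:]) == bound):
                return level
        return "none"  # matching clause, but no "by" matched: denied
    return "none"      # defaultaccess none

VLAD = "cn=vlad,ou=personel,o=ccs,o=ru"          # entry (3) from the post
CHILD = "cn=first contact," + VLAD                # entry (4), created by vlad
ADMIN = "cn=admin,o=ccs,o=ru"                     # dn named in the ACLs

def explain():
    """Access each identity gets: vlad can write (3) (and so add children under it),
    but reading (4) is evaluated against (4)'s own DN, where 'self' no longer matches."""
    return {
        "vlad->own entry (3)": granted(VLAD, VLAD),                  # write
        "vlad->child (4)":     granted(VLAD, CHILD),                 # none
        "admin->child (4)":    granted(ADMIN, CHILD),                # write
        "anon->vlad password": granted("", VLAD, "userPassword"),    # compare
    }

if __name__ == "__main__":
    for request, level in explain().items():
        print(f"{request:22s} {level}")
```

The "none" result for vlad on his own child entries is what makes (4,5) disappear from the explorer after a reconnect as vlad, while the rootdn still sees them.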