Re: Fwd: Newbie ACL questions
On Tuesday, 26. February 2002 10:19, marcel@wiwo.nl wrote:
> This is what I want, and what ACLs I've put together:
>
> I do want users to access their own entry, and entries which have their
> db in the attribute 'owner', but they are not allowed to browse the tree
>
>
> access to *
> by self read
> by anonymous auth
>
>
> I do want to authenticate against LDAP, but I don't want anonymous
> read access to the tree.
>
> access to dn=""
> by anonymous auth
>
> However, my authenticated users can't get any info any more!

Well, that's what your ACLs say. "access to * by anonymous auth" means that
only anonymous users can authenticate; reauthentication is not possible. If
you want that, you need "access to * by * auth"

> Final question:
>
> How do I obtain my own entry? A simple filter like:
>
> dn="cn=my name,ou=people,dc=wiwo,dc=nl" returns 0 hits

Your ACLs don't permit browsing the tree (e.g. no user has read access to
ou=people), so you must enter "cn=my name,ou=people,dc=wiwo,dc=nl" as your
search base (and e.g. (objectclass=*) as your search filter).

Yours
Stephan Siano
--
Stephan Siano Mail: Stephan.Siano@suse.de
SuSE Linux AG Phone: 06196 50951 31
CU PS DU South TCC UC Fax: 06196 409607
Mergenthalerallee 45-47
D-65760 Eschborn
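
Added example, not part of the original message and not OpenLDAP code: a simplified Python model of how slapd applies the first matching "by" clause of one "access to *" directive (with the implicit trailing "by * none"), run against the ACL quoted above. The second user, the owned entry and the variant ACL with "dnattr=owner" and "by * auth" are assumptions constructed for illustration; DNs are compared as plain strings.

```python
# Simplified model of slapd "by" clause evaluation; not OpenLDAP code.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

ME = "cn=my name,ou=people,dc=wiwo,dc=nl"
OTHER = "cn=other user,ou=people,dc=wiwo,dc=nl"   # constructed
OWNED = "cn=printer,ou=devices,dc=wiwo,dc=nl"     # constructed
DIT = {                                           # constructed sample tree
    "ou=people,dc=wiwo,dc=nl": {},
    ME: {},
    OTHER: {},
    OWNED: {"owner": [ME]},
}

# The ACL from the quoted question: access to * by self read by anonymous auth
POSTED = [("self", "read"), ("anonymous", "auth")]
# Assumption: a variant that adds the owner rule and ends with "by * auth"
VARIANT = [("self", "read"), ("dnattr=owner", "read"), ("*", "auth")]

def who_matches(who, requester, dn, entry):
    """requester is the bound DN, or None for an anonymous connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "self":
        return requester is not None and requester == dn
    if who.startswith("dnattr="):
        attr = who[len("dnattr="):]
        return requester is not None and requester in entry.get(attr, [])
    raise ValueError("unsupported <who>: " + who)

def granted(acl, requester, dn):
    """Access level the requester gets on entry dn under one directive."""
    for who, level in acl:
        if who_matches(who, requester, dn, DIT[dn]):
            return level      # first matching "by" clause wins
    return "none"             # implicit trailing "by * none"

def readable(acl, requester):
    """DNs on which the requester holds at least read access."""
    need = LEVELS.index("read")
    return sorted(dn for dn in DIT
                  if LEVELS.index(granted(acl, requester, dn)) >= need)

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("variant", VARIANT)):
        print(name, "anonymous on ME:", granted(acl, None, ME))
        print(name, "OTHER on ME:", granted(acl, OTHER, ME))
        print(name, "ME may read:", readable(acl, ME))
```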