[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Fwd: Newbie ACL questions

To: marcel@wiwo.nl, openldap <openldap-software@OpenLDAP.org>
Subject: Re: Fwd: Newbie ACL questions
From: Stephan Siano <stephan.siano@suse.de>
Date: Tue, 26 Feb 2002 10:52:08 +0100
In-reply-to: <200202260919.KAA09335@taz.wiwo.nl>
References: <200202260919.KAA09335@taz.wiwo.nl>

On Tuesday, 26. February 2002 10:19, marcel@wiwo.nl wrote:

> This is what I want, and what ACLs I've put together:
>
> I do want users to access their own entry, and entries which has their
> db in the attribute 'owner', but they are not allowed to browse the tree
>
>
> access to *
> 	by self read
> 	by anonymous auth
>
>
> I do want to authenticate against LDAP, but I don't want anonymous
> read access to the tree.
>
> access to dn=""
> 	by anonymous auth
>
> However, my authenticated users can't get any ainfo any more!

well, that's what your ACLs say. "access to * by anonymous auth" means that 
only anonymous users can authenticate, reauthentication is not possible. If 
you want that, you need "access to * by * auth"

> Final question:
>
> How do I obtain my own entry? A simple filter like:
>
> dn="cn=my name,ou=people,dc=wiwo,dc=nl" returns 0 hits

Your ACLs don't permit browsing the tree (e.g. no user has read access to 
ou=people), so you must enter "cn=my name,ou=people,dc=wiwo,dc=nl" as your 
search base (and e.g. (objectclass=*) as your search filter).

Yours
Stephan Siano

-- 
Stephan Siano                           Mail:  Stephan.Siano@suse.de
SuSE Linux AG                           Phone: 06196 50951 31
CU PS DU South TCC UC                   Fax:   06196 409607
Mergenthalerallee 45-47	
D-65760 Eschborn

References:
- Fwd: Newbie ACL questions
  - From: marcel@wiwo.nl

Prev by Date: schema v2 to schema v3
Next by Date: referral error
Index(es):
- Chronological
- Thread