Re: acl usage
Hello,
Your ACLs seem to be right. It must be that for some reason the regex
which you specified does not match and therefore the last ACL is used. A
typo somewhere? Try running the server with loglevel set for ACL
processing (128) and see what happens. BTW, your users are not able to
read their records either. I suppose you should insert "by self read" in
the second ACL. Also, perhaps the last ACL is too open. It is not
considered to be a good practice to allow access "to everything else". Of
course, this depends on your needs.
Hth,
Dejan
Please respond to Harry Hoffman <h.hoffman@auckland.ac.nz>
Sent by: owner-openldap-software@OpenLDAP.org
To: openldap-software@OpenLDAP.org
cc:
Subject: acl usage
Hi All,
I'm trying to set up ACLs for our openldap-2 server. The ACLs look like this:
access to attr=userPassword
    by self write
    by anonymous auth
    by * auth
access to dn=".*,ou=People,o=The University of Auckland,c=NZ"
    by anonymous auth
    by * auth
access to *
    by self write
    by users read
    by * read
I'm trying to set the ACLs so that an anonymous user can authenticate to
"uid=user,ou=People,o=The University of Auckland,c=NZ"
but not actually read any other attributes from there.
Can anyone tell me what I'm doing wrong?
Thanks,
Harry
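The ACL set from the original post with the two changes suggested in the reply applied (a "by self read" grant in the ou=People clause and a catch-all that is closed to anonymous), written as an added slapd.conf illustration rather than configuration from either poster; it assumes slapd.conf syntax and reuses the DNs from the post unchanged.

```conf
# Added example (not from the thread): the poster's ACLs with the two
# changes suggested in the reply. slapd.conf syntax; "by" continuation
# lines must be indented or slapd will not parse them.

# Log ACL processing (loglevel 128) while testing, so the log shows
# which "access to" clause each request is evaluated against.
loglevel 128

# Password attribute: the entry owner may change it; everyone else,
# anonymous included, may only use it to bind, never read it.
access to attr=userPassword
    by self write
    by anonymous auth
    by * auth

# Entries under ou=People: the owner may read their own record (the
# missing "by self read"); anyone else gets auth only. If the loglevel
# 128 output shows requests for these entries falling through to the
# catch-all below, this regex is not matching and needs correcting.
access to dn=".*,ou=People,o=The University of Auckland,c=NZ"
    by self read
    by anonymous auth
    by * auth

# Catch-all: closed to anonymous. "by * read" here would let an
# unauthenticated client read whatever the regex clause above fails
# to cover, which is exactly the symptom the post describes.
access to *
    by self write
    by users read
    by * none
```

With the catch-all closed, anonymous clients can still bind because the auth grant on userPassword is evaluated first; the first matching "access to" clause decides, so clause order matters.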