[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: acl usage

To: Harry Hoffman <h.hoffman@auckland.ac.nz>
Subject: Re: acl usage
From: "Dejan Muhamedagic" <dejan.muhamedagic@at.ibm.com>
Date: Tue, 16 Apr 2002 11:07:58 +0200
Cc: openldap-software@OpenLDAP.org
Importance: Normal
Sensitivity:

Hello,

Your ACLs seem to be right.  It must be that for some reason the regex 
which you specified does not match and therefore the last ACL is used.  A 
typo somewhere?  Try running the server with loglevel set for ACL 
processing (128) and see what happens.  BTW, your users are not able to 
read their records either.  I suppose you should insert "by self read" in 
the second ACL.  Also, perhaps the last ACL is too open.  It is not 
considered to be a good practice to allow access "to everything else".  Of 
course, this depends on your needs.

Hth,

Dejan

Please respond to Harry Hoffman <h.hoffman@auckland.ac.nz> 
Sent by:        owner-openldap-software@OpenLDAP.org
To:     openldap-software@OpenLDAP.org
cc: 
Subject:        acl usage


Hi All,
    I'm trying to setup ACL's for our openldap-2 server. The acl's look 
like 
this:
access to attr=userPassword
        by self write
        by anonymous auth
        by * auth
access to dn=".*,ou=People,o=The University of Auckland,c=NZ"
       by anonymous auth
       by * auth
access to *
        by self write
        by users read
        by * read

I'm trying to set the acl's so that an anonymous user can authenticate to:
"uid=user,ou=People,o=The University of Auckland,c=NZ"
but not actually read any other attributes from there.
Can anyone tell me what I'm doing wrong?

Thanks,
Harry

Prev by Date: Re: ACL by IP
Next by Date: Re: Problem with ACL
Index(es):
- Chronological
- Thread