Fri, 2002-08-30 at 10:13, Jan-Philipp Mayer wrote:

A:
> If I set my ACL to "access to * by * read" it works but with

B:
> access to attr=userPassword
>         by self write
>         by anonymous auth
>         by dn="cn=Manager,dc=mrball,dc=net" write
>         by * none

C:
> access to attr=dn,objectclass,loginShell,objectClass,o,entry,uidNumber,gidNumber,dc,uid
>         by anonymous read
>         by * read

D:
> access to *
>         by self read
>         by users read
>         by anonymous auth

B: is fine, and what I myself have - more or less, since Manager's not
allowed even a sniff in anything of mine.

An awful lot of what you've got in C: just doesn't make sense. A number
of the attributes won't work if you deny them and others aren't even
attributes. Read the "access to" line again thoroughly and with a bit of
luck you'll see why. Rewrite C: adding one attribute at a time and
restart slapd until what you want doesn't work any more. Delete "by
anonymous read" and keep "by * read".

For example, obviously nothing in C: will work if you exclude "dn" as
"attribute" (which it isn't, it's the dn!), so start thinking deeply.

Change D: to "by * read", until C: works.

Best,

Tony

--
Tony Earnshaw

The usefulness of RTFM is vastly overrated.

e-mail:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl
gpg public key:	http://www.billy.demon.nl/tonni.armor

Telephone:	(+31) (0)172 530428
Mobile:		(+31) (0)6 51153356

GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
3BE7B981
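Added example, not part of the original message and not OpenLDAP code: a simplified Python model of slapd's first-match ACL evaluation, applied to clauses B, C and D, showing which clause decides for a given attribute and bind identity. The entry DN and the `homeDirectory` attribute are constructed sample values, and DN comparison is reduced to a case-insensitive string match.

```python
# Simplified model of slapd ACL evaluation (added example, not OpenLDAP code).
# Assumed semantics: the first "access to" clause whose <what> matches the
# attribute is used; inside it the first matching "by" wins; no match = none.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
MANAGER = "cn=Manager,dc=mrball,dc=net"
ENTRY = "uid=jan,ou=People,dc=mrball,dc=net"  # constructed sample entry DN

# Clauses B, C, D from the message as (attribute list or "*", [(who, level)]).
# "dn" from C is omitted here: it is not an attribute.
ACLS = [
    (["userPassword"], [("self", "write"), ("anonymous", "auth"),
                        (MANAGER, "write"), ("*", "none")]),
    (["objectClass", "loginShell", "o", "entry", "uidNumber", "gidNumber",
      "dc", "uid"], [("anonymous", "read"), ("*", "read")]),
    ("*", [("self", "read"), ("users", "read"), ("anonymous", "auth")]),
]

def who_matches(who, bind_dn, entry_dn):
    """bind_dn is None for an anonymous (unauthenticated) connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if bind_dn is None:
        return False
    if who == "users":
        return True
    target = entry_dn if who == "self" else who
    return bind_dn.lower() == target.lower()  # crude DN comparison

def granted(attr, bind_dn, entry_dn=ENTRY, acls=ACLS):
    """Return the level the first matching clause grants for attr."""
    for what, by_list in acls:
        if what == "*" or attr.lower() in [a.lower() for a in what]:
            for who, level in by_list:
                if who_matches(who, bind_dn, entry_dn):
                    return level
            return "none"  # implicit "by * none" ends every clause
    return "none"  # no clause matched at all

def can(level, attr, bind_dn, entry_dn=ENTRY, acls=ACLS):
    got = granted(attr, bind_dn, entry_dn, acls)
    return LEVELS.index(got) >= LEVELS.index(level)

if __name__ == "__main__":
    for attr in ("uid", "homeDirectory", "userPassword"):  # homeDirectory: sample
        print(attr, "anonymous ->", granted(attr, None),
              "| self ->", granted(attr, ENTRY))
```

In this model any attribute not listed in C falls through to D, where an anonymous bind gets only `auth`; passing an `acls` list whose last clause is `("*", [("*", "read")])` models the "by * read" variant of D.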