[Date Prev][Date Next] [Chronological] [Thread] [Top]

LDAP Access Control

To: openldap-software@OpenLDAP.org
Subject: LDAP Access Control
From: Flavio Alves <flavio-l-alves@ptinovacao.pt>
Date: Tue, 17 Sep 2002 18:12:31 +0100

Hi.

I'm new to LDAP, and I have some doubts regarding LDAP it self and ACL.

I have the following direcotry struture:

+ -- dc=example,dc=com
  + -- cn=Users,dc=example,dc=com
    + -- cn=Jonny Gogogo,cn=users,dc=example,dc=com
      + -- cn=Application 1,cn=Jonny Gogogo,cn=users,dc=example,dc=com
      + -- cn=Application 2,cn=Jonny Gogogo,cn=users,dc=example,dc=com
      + -- cn=Application 3,cn=Jonny Gogogo,cn=users,dc=example,dc=com
    + -- cn=Lara Welsh,cn=users,dc=example,dc=com
      + -- cn=Application 1,cn=Lara Welsh,cn=users,dc=example,dc=com

What I really need is that a User (Jonny Gogogo for instance) to have access
to it's entry and also it's subtree.
When A user authenticates, he gains access to this entries...
    + -- cn=User X,cn=users,dc=example,dc=com
      + -- cn=Application 1,cn=User X,cn=users,dc=example,dc=com
      + -- cn=Application 2,cn=User X,cn=users,dc=example,dc=com
      + -- cn=Application 3,cn=User X,cn=users,dc=example,dc=com

In order to accomplish this, I've put the following line in the slapd.conf
file:
access to dn="(.*,)?cn=users,dc=example,dc=com"
       by self write
       by anonymous auth
However, when I do this, the user can only access it's own entry. In other
words, When the user "Jonny Gogogo" Authenticates, he can only see the
cn=Jonny Gogogo,cn=users,dc=example,dc=com entry.

Do you guys know what I'm doing wrong.
Thank you very much your attention.

Regards,
Flavio Luiz

Follow-Ups:
- Re: LDAP Access Control
  - From: Tony Earnshaw <tonni@billy.demon.nl>

Prev by Date: Re: bare nuts on solaris 8/9
Next by Date: Re: Write-intensive LDAP
Index(es):
- Chronological
- Thread