LDAP Access Control
Hi.
I'm new to LDAP, and I have some doubts regarding LDAP itself and ACL.
I have the following directory structure:
+ -- dc=example,dc=com
    + -- cn=Users,dc=example,dc=com
        + -- cn=Jonny Gogogo,cn=users,dc=example,dc=com
            + -- cn=Application 1,cn=Jonny Gogogo,cn=users,dc=example,dc=com
            + -- cn=Application 2,cn=Jonny Gogogo,cn=users,dc=example,dc=com
            + -- cn=Application 3,cn=Jonny Gogogo,cn=users,dc=example,dc=com
        + -- cn=Lara Welsh,cn=users,dc=example,dc=com
            + -- cn=Application 1,cn=Lara Welsh,cn=users,dc=example,dc=com
What I really need is for a user (Jonny Gogogo, for instance) to have access
to its entry and also its subtree.
When a user authenticates, he gains access to these entries...
+ -- cn=User X,cn=users,dc=example,dc=com
    + -- cn=Application 1,cn=User X,cn=users,dc=example,dc=com
    + -- cn=Application 2,cn=User X,cn=users,dc=example,dc=com
    + -- cn=Application 3,cn=User X,cn=users,dc=example,dc=com
In order to accomplish this, I've put the following line in the slapd.conf
file:
access to dn="(.*,)?cn=users,dc=example,dc=com"
    by self write
    by anonymous auth
However, when I do this, the user can only access its own entry. In other
words, when the user "Jonny Gogogo" authenticates, he can only see the
cn=Jonny Gogogo,cn=users,dc=example,dc=com entry.
Do you guys know what I'm doing wrong?
Thank you very much for your attention.
Regards,
Flavio Luiz
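
The behaviour described in the post, as an added example that is not part of the original message and is not slapd's own code: a simplified Python model of how the posted rule's "by self" clause compares the bound DN with the target DN, next to a candidate owner-scoped rule written in the `dn.regex` / `dn.exact,expand` syntax of current slapd.access(5). The DN normalisation here is an assumption that only folds case and trims spaces around commas, and the "by anonymous auth" clause is not modelled.

```python
import re

BASE = "cn=users,dc=example,dc=com"

def norm(dn):
    # Simplified normalisation (assumption): trim around commas, fold case.
    return ",".join(part.strip() for part in dn.split(",")).lower()

# Rule as posted:
#   access to dn="(.*,)?cn=users,dc=example,dc=com"
#       by self write
POSTED = re.compile(r"^(.*,)?" + re.escape(BASE) + r"$")

# Candidate owner-scoped rule (added here, not from the post):
#   access to dn.regex="^(.+,)?(cn=[^,]+,cn=users,dc=example,dc=com)$"
#       by dn.exact,expand="$2" write
#       by anonymous auth
OWNER = re.compile(r"^(.+,)?(cn=[^,]+," + re.escape(BASE) + r")$")

def posted_rule(bound_dn, target_dn):
    """'by self' matches only when the target entry is the bound entry itself."""
    target = norm(target_dn)
    if not POSTED.match(target):
        return "none"
    # No other 'by' clause applies to an authenticated user, so the
    # implicit trailing 'by * none' decides every non-self target.
    return "write" if norm(bound_dn) == target else "none"

def owner_rule(bound_dn, target_dn):
    """$2 is the user entry that owns the target; it must equal the bound DN."""
    m = OWNER.match(norm(target_dn))
    if not m:
        return "none"
    return "write" if norm(bound_dn) == m.group(2) else "none"

if __name__ == "__main__":
    jonny = "cn=Jonny Gogogo,cn=users,dc=example,dc=com"
    targets = [                      # DNs taken from the tree in the post
        jonny,
        "cn=Application 1," + jonny,
        "cn=Application 1,cn=Lara Welsh,cn=users,dc=example,dc=com",
    ]
    for t in targets:
        print(f"{t}\n  posted: {posted_rule(jonny, t)}  owner: {owner_rule(jonny, t)}")
```

In the model, the posted rule grants nothing on the Application entries because their DNs differ from the bound DN, while the owner-scoped rule covers the user's own subtree and still denies the other user's entries.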