LDAP Access Control

Hi.

I'm new to LDAP, and I have some doubts regarding LDAP itself and ACLs.

I have the following directory structure:

+ -- dc=example,dc=com
  + -- cn=Users,dc=example,dc=com
    + -- cn=Jonny Gogogo,cn=users,dc=example,dc=com
      + -- cn=Application 1,cn=Jonny Gogogo,cn=users,dc=example,dc=com
      + -- cn=Application 2,cn=Jonny Gogogo,cn=users,dc=example,dc=com
      + -- cn=Application 3,cn=Jonny Gogogo,cn=users,dc=example,dc=com
    + -- cn=Lara Welsh,cn=users,dc=example,dc=com
      + -- cn=Application 1,cn=Lara Welsh,cn=users,dc=example,dc=com

What I really need is for a user (Jonny Gogogo, for instance) to have access
to its entry and also its subtree.
When a user authenticates, he gains access to these entries...
    + -- cn=User X,cn=users,dc=example,dc=com
      + -- cn=Application 1,cn=User X,cn=users,dc=example,dc=com
      + -- cn=Application 2,cn=User X,cn=users,dc=example,dc=com
      + -- cn=Application 3,cn=User X,cn=users,dc=example,dc=com

In order to accomplish this, I've put the following lines in the slapd.conf
file:
access to dn="(.*,)?cn=users,dc=example,dc=com"
       by self write
       by anonymous auth
However, when I do this, the user can only access its own entry. In other
words, when the user "Jonny Gogogo" authenticates, he can only see the
cn=Jonny Gogogo,cn=users,dc=example,dc=com entry.

Do you guys know what I'm doing wrong?
Thank you very much for your attention.

Regards,
Flavio Luiz
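The behaviour described in the post follows from how `by self` works in OpenLDAP's slapd.conf access directives: `self` matches only when the bound DN is exactly the DN of the entry being accessed, so it never covers the child entries beneath a user's entry. To reach the subtree, the ACL has to capture the owning user's DN from the target DN with `dn.regex` and compare the bound DN against that capture with the `expand` modifier. The following is an added example, not the poster's configuration or an official OpenLDAP sample; it assumes OpenLDAP 2.x `dn.regex`/`expand` syntax and reuses the `cn=users,dc=example,dc=com` container from the post.

```conf
# Added example (not from the original post): let each user under cn=users
# write its own entry and everything below it, and nothing else.
#
# The target pattern matches both the user entry itself and any descendant:
# the optional "(.+,)?" prefix absorbs the child RDNs, and group 2 captures
# the user entry's DN. Patterns are written in lowercase because regex ACLs
# are matched against the normalized DN.
access to dn.regex="^(.+,)?(cn=[^,]+,cn=users,dc=example,dc=com)$"
        by dn.exact,expand="$2" write
        by anonymous auth
        by * none

# Fallback for the rest of the suffix (the container and suffix entries that a
# search has to traverse): authenticated users may read, anonymous gets nothing.
# It must come after the specific rule, because slapd uses the first "access to"
# clause whose target matches.
access to *
        by users read
        by * none
```

The `by dn.exact,expand="$2" write` clause grants write only to the bound DN equal to the captured user DN, so Jonny Gogogo can modify `cn=Application 1,cn=Jonny Gogogo,cn=users,dc=example,dc=com` but gets nothing on Lara Welsh's subtree, which is what the trailing `by * none` enforces. `by anonymous auth` stays so that the bind itself can read `userPassword` for authentication. The rule can be checked offline with `slapacl(8)` before restarting slapd, e.g. `slapacl -f slapd.conf -D "cn=Jonny Gogogo,cn=users,dc=example,dc=com" -b "cn=Application 1,cn=Jonny Gogogo,cn=users,dc=example,dc=com" description/write`, and the same command with Lara Welsh's entry as `-b` should report that write is denied.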