[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL and ACI

To: awenz@mtgnet.de
Subject: Re: ACL and ACI
From: Hallvard B Furuseth <h.b.furuseth@usit.uio.no>
Date: Mon, 23 Sep 2002 16:18:47 +0200
Cc: openldap-software@OpenLDAP.org
In-reply-to: <3D8F1F98.1080100@mtgnet.de>
References: <3D8F1F98.1080100@mtgnet.de>

Armin Wenz writes:
> My question is now, how do I have to set my ACLs that if there is no ACI 
> anonymous read access is allowed? Is this possible?

Until recently there was no supported way to do that, but there was a
bug which let a syntax error in the DN mean "public access"
(ITS#2006). So you could use e.g.

	1#entry#grant;s,c,r;[all]#access-id#[all]

Recently that has been fixed, and a #public# syntax has been added
instead (ITS#2005):

	1#entry#grant;s,c,r;[all]#public#

Sorry, I don't quite remember which OpenLDAP version(s) this happened
in.  Try it and see.

-- 
Hallvard

References:
- ACL and ACI
  - From: Armin Wenz <awenz@mtgnet.de>

Prev by Date: Re: Migrate MD5 passwords to OpenLdap 2.0.x with MigrationTools
Next by Date: Number of replicated systems?
Index(es):
- Chronological
- Thread