Hi,
On Monday 07 October 2002 19:12, you wrote:
> After reading slapd.access several times, I'm completely lost on how I
> could do something that seems quite simple, but in practice is not
> working at all, especially when SASL is added in:
>
> If I have:
>
> access to dn=""
>         by * read
> access to attrs=suKrb5Name
>         by * search
> access to *
>         by dn="suRegID=<my regid>, cn=people,dc=stanford,dc=edu" read
>
> I can't see suKrb5Name in the output when I do an ldapsearch. Note that
> I'm doing SASL authentication, so it needs search on suKrb5Name to do the
> saslregexp to authenticate me. If I do
>
> access to attrs=suKrb5Name
>         by * search break
>
> It then overwrites the access with the by dn="suRegID=...." read, and
> then can no longer authenticate me. Shouldn't there be some way to make
> access to * truly be access to everything, regardless of the preceding
> ACLs?

I have not tested it in this special case, but have you tried grouping
more than one "by clause" into the access statements?

IIRC, the following lines should do the trick

access to dn=""
        by * read
access to attrs=suKrb5Name
        by dn="suRegID=<my regid>, cn=people,dc=stanford,dc=edu" read
        by * search
access to *
        by dn="suRegID=<my regid>, cn=people,dc=stanford,dc=edu" read
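
The following is an added example, not part of the original message: a simplified Python model of the evaluation order documented in slapd.access (first matching `access to` clause, first matching `by` clause, implicit `by * none` at the end, and the `break` control), run over the three ACL variants from this thread. The function names and the tuple representation of the ACLs are assumptions made for illustration; this is not slapd code.

```python
# Simplified model of slapd.access(5) evaluation order. Only the features
# used in this thread are modelled: dn=""/attrs=/* targets, exact-DN and *
# subjects, and the stop (default) and break controls.
USER = "suRegID=<my regid>, cn=people,dc=stanford,dc=edu"  # DN from the thread
ANON = None  # unauthenticated client, as during the saslregexp lookup

def target_matches(what, entry_dn, attr):
    kind, value = what
    if kind == "*":
        return True
    if kind == "dn":
        return entry_dn == value
    return kind == "attrs" and attr == value

def access_level(acl, entry_dn, attr, who):
    for what, by_clauses in acl:
        if not target_matches(what, entry_dn, attr):
            continue
        # Every access clause ends with an implicit "by * none stop".
        for subject, level, control in by_clauses + [("*", "none", "stop")]:
            if subject == "*" or subject == who:
                if control == "stop":
                    return level
                break  # "break" control: fall through to the next clause
    return "none"  # no clause stopped evaluation: no access

def build(krb_by_clauses):
    # The three clauses from the thread; only the suKrb5Name clause varies.
    return [
        (("dn", ""), [("*", "read", "stop")]),
        (("attrs", "suKrb5Name"), krb_by_clauses),
        (("*", None), [(USER, "read", "stop")]),
    ]

ORIGINAL = build([("*", "search", "stop")])
WITH_BREAK = build([("*", "search", "break")])
SUGGESTED = build([(USER, "read", "stop"), ("*", "search", "stop")])

def summary(acl):
    """Access to suKrb5Name on the user's own entry: (as USER, as ANON)."""
    return (access_level(acl, USER, "suKrb5Name", USER),
            access_level(acl, USER, "suKrb5Name", ANON))

if __name__ == "__main__":
    for name, acl in [("original", ORIGINAL), ("with break", WITH_BREAK),
                      ("suggested", SUGGESTED)]:
        print(f"{name:10s} user={summary(acl)[0]:6s} anonymous={summary(acl)[1]}")
```

Under this model the original ACL stops at `by * search` for every client, the `break` variant lets the anonymous lookup fall through to the implicit `none` of `access to *`, and the grouped form gives the named DN read while keeping search for everyone else.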