[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Problem with ACL



tir, 2002-10-15 kl. 20:31 skrev A N:

> My ACL is:
> 
> access to dn="cn=root,o=company" attr=mail,cn,sn by self write
> access to attr=objectClass by anonymous =rs
> access to attr=entry by anonymous =rs
> access to attr=mail,sn,cn by anonymous =rs

This isn't going to get you anywhere. Make a tree with its roots in the
air. everything to the left is hidden, everything to the right is open:

                dc=com
                   |
                dc=company
             ______|______
             |            |
          ou=secret    ou=open

Distribute rights with normal ACls

> Maybe I should use filter ? But I don't know how and
> documentation is very poor.

Documentation is not poor. People are lazy.

Here are a couple of good starters:

ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf
http://www.mandrakesecure.net/en/docs/ldap-auth.php
http://www.kingsmountain.com/ldapRoadmap.shtml
http://www.redbooks.ibm.com/pubs/pdfs/redbooks/sg244986.pdf
http://www.redbooks.ibm.com/pubs/pdfs/redbooks/sg245110.pdf

Best,

Tony

-- 

Tony Earnshaw

"There are many people who can't face the truth ... If you rob a
normal person of life's lies, at the same time you'll be robbing
him of his happiness."

>From Henrik Ibsen's "Vildanden", "The wild Duck."

e-post:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl