Re: probably simple acl problem
Mon, 2002-11-25 at 13:13, Kuba Leszewski wrote:
> I added some entries to the ldaptree and want to use one of them as a
> "super-user".
> I mean I want to add more entries authenticating as this user.
I have a "super user", he's called Admin. He's allowed to do everything
but see or touch Manager, who's the real boss.
But he has to authenticate first, obviously. So do:
> access to dn="(.*,)*,dc=mydomain,dc=com"
by anonymous auth <----
> by dn="uid=mylogin,ou=People,dc=ce3,dc=pl" write
Then for Manager I have:
access to dn="cn=Manager,dc=mydomain,dc=com"
	by anonymous auth
	by * none
(Because Manager is the person in slapd.conf and he doesn't need any
more.)
> access to attr=userPassword
> by self write
> by anonymous auth
> by * none
>
> access to *
> by self write
> by users read
access to * above means to everything else, so your last bit isn't
necessary.
After this, you can play around with ACLs to your heart's content :-)
It's good fun.
Best,
Tony
--
Tony Earnshaw
When all's said and done ...
there's nothing left to say or do.
e-post: tonni@billy.demon.nl
www: http://www.billy.demon.nl
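
An added example, not part of the original message and not OpenLDAP code: a simplified Python model of slapd's first-match ACL evaluation, run over the rules from this thread, showing why a bind fails until `by anonymous auth` is present. The admin DN and the placement of the Manager rule first are assumptions.

```python
import re

LEVELS = ["none", "auth", "compare", "search", "read", "write"]
# Constructed DNs; the admin uid is an assumption, not a value from the thread.
ADMIN = "uid=admin,ou=People,dc=mydomain,dc=com"
MANAGER = "cn=Manager,dc=mydomain,dc=com"
SUBTREE = r"(.*,)*,dc=mydomain,dc=com"  # regex quoted in the thread

def build_acls(anonymous_auth):
    """Thread's rules as (dn_regex, attr, [(who, level)]); Manager rule first (assumption)."""
    subtree_by = [(ADMIN, "write")]
    if anonymous_auth:
        subtree_by.insert(0, ("anonymous", "auth"))  # the line marked <---- in the reply
    return [
        (MANAGER, None, [("anonymous", "auth"), ("*", "none")]),
        (SUBTREE, None, subtree_by),
        (None, "userPassword", [("self", "write"), ("anonymous", "auth"), ("*", "none")]),
        (None, None, [("self", "write"), ("users", "read")]),
    ]

def who_matches(who, requester, target):
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if requester is None:
        return False
    if who == "users":
        return True
    if who == "self":
        return requester.lower() == target.lower()
    return requester.lower() == who.lower()  # literal bind DN

def access(acls, requester, target, attr):
    """First matching 'access to' wins, then first matching 'by'; no match means none."""
    for dn_regex, rule_attr, by in acls:
        if dn_regex and not re.search(dn_regex, target, re.I):
            continue
        if rule_attr and rule_attr.lower() != attr.lower():
            continue
        for who, level in by:
            if who_matches(who, requester, target):
                return level
        return "none"  # implicit trailing "by * none"
    return "none"      # implicit trailing "access to * by * none"

def can_bind(acls, target):
    """A simple bind needs the anonymous requester to hold at least auth on userPassword."""
    return LEVELS.index(access(acls, None, target, "userPassword")) >= LEVELS.index("auth")
```

In this model the subtree rule matches every entry under the base, so the rules listed after it are only consulted for entries it does not match.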