[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL issue

To: openldap-software@OpenLDAP.org
Subject: ACL issue
From: Arjen van Drie <arjen-openldap@3va.net>
Date: Tue, 3 Dec 2002 22:09:06 +0100

Hi,


I have been messing around with access control lists for a few hours now,
and I come up with the next stuff to be able to login using ssh. To me,
the access for anonymous to the attr=userPassword seems a bit too 
unrestricted, and I think/hope it should be "auth" instead of "read".
But then I cannot login.

Can someone help me make this as restrictive as possible? I have no
other ACL stuff defined in slapd.conf.

Basically any remark is welcome ;)


-- begin slapd.conf snippet --

database        ldbm
suffix          "dc=zomba,dc=doobah,dc=net"
rootdn          "cn=admin,dc=zomba,dc=doobah,dc=net" 
rootpw                  {SSHA}VYHEYqOi+ajqowRkKglkm/qGbIMLRCml
directory       /var/lib/ldap

access to attr=userPassword
    by self write
    by anonymous read
    by * none 

access to dn="uid=.*,ou=People,dc=zomba,dc=doobah,dc=net"
    by anonymous read 

access to attr=entry
    by anonymous read

#access to dn="cn=.*,ou=Group,dc=zomba,dc=doobah,dc=net"
#    by anonymous read

access to *
    by self write
    by users read
    by anonymous search

-- end slapd.conf snippet --

-- 

Grtz, 

Arjen.

Follow-Ups:
- Re: ACL issue
  - From: Tony Earnshaw <tonni@billy.demon.nl>

Prev by Date: RE: Posix required
Next by Date: Object classes
Index(es):
- Chronological
- Thread