Re: slapd.conf access statement
Hi,
Jason Parsons <jparsons-lists@saffron.net> writes:
> I have LDAP entries that look something like this:
>
> dn: ou=blah.net,ou=accounts,dc=example,dc=net
> userpassword: password
> dn: cn=one,ou=blah.net,ou=accounts,dc=example,dc=net
>
> dn: ou=something.net,ou=accounts,dc=example,dc=net
> userpassword: password2
> dn: cn=one,ou=something.net,ou=accounts,dc=example,dc=net
> dn: cn=two,ou=something.net,ou=accounts,dc=example,dc=net
>
>
> I would like to allow a user identified by the userpassword to have
> write access to all of the entries "under" that DN (cn=one, cn=two,
> ..."). I'm not exactly sure how to do this in slapd.conf. Can
> someone point me to syntax for the 'access' statements here? I have
> read the man page and help pages, and it's not clear. It seems that
> 'by self' only allows access to the entry itself, and not to the
> entries "under" that entry.

  access to dn.base="cn=one,ou=blah.net,ou=accounts,dc=example,dc=net"
      by dn.children="cn=one,ou=blah.net,ou=accounts,dc=example,dc=net" write

could be a possibility, or a bit more sophisticated

  access to dn.subtree="cn=one,ou=blah.net,ou=accounts,dc=example,dc=net"
      by dn.children="cn=one,ou=blah.net,ou=accounts,dc=example,dc=net" read continue
      by dn.regex="uid=(.*),cn=one,ou=blah.net,ou=accounts,dc=example,dc=net" selfwrite continue
      by * none stop

See man (5) slapd.access
-Dieter
--
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter@schevolution.com
http://www.schevolution.com/tour
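
The layout in the question (each ou=<domain> entry binds with its own userPassword and should get write access to the entries beneath it) can be written once for all domains with a regex <what> clause and the expand modifier from slapd.access(5). This is an added example, not part of the original thread; it assumes the DIT from the question and an OpenLDAP release whose slapd.access(5) documents `attrs=` and `dn.exact,expand`.

```conf
# Assumed DIT, from the question: each ou=<domain>,ou=accounts,dc=example,dc=net
# entry carries a userPassword and owns the entries beneath it.
# Place these before any broader "access to *" rule: slapd uses the first
# <what> clause that matches the target.

# 1. Let each domain entry bind with its own password; nobody else may read it.
access to dn.regex="^ou=[^,]+,ou=accounts,dc=example,dc=net$" attrs=userPassword
    by self write
    by anonymous auth
    by * none

# 2. Adding or deleting an entry directly below a domain entry also needs
#    write access to the parent's "children" pseudo-attribute.
access to dn.regex="^(ou=[^,]+,ou=accounts,dc=example,dc=net)$" attrs=children
    by dn.exact,expand="$1" write
    by * none

# 3. Everything below a domain entry: $1 captures the owning domain DN, and
#    expand substitutes it into the <who> clause, so ou=blah.net can write
#    under ou=blah.net but not under ou=something.net.
access to dn.regex="^.+,(ou=[^,]+,ou=accounts,dc=example,dc=net)$"
    by dn.exact,expand="$1" write
    by * none
```

As written, only the owning domain entry can see the entries below it; read access for other identities needs further `by` clauses ahead of `by * none`. Where the installation ships slapacl(8), it can confirm the result for a given bind DN and target entry.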