Re: OpenLDAP 2.1 and ACL



Sun, 2003-01-26 at 23:18, Emmanuel Blot wrote:

> I tried an alternative: to use group access, as documented.

Not =quite= as documented. I have everything you set up, just as you set
it up, with one difference - and mine works :-)

> access to attr=userPassword
>        by group="cn=administrators,ou=Anciens,o=ANIENIB,c=FR" write
>        by self write
>        by * auth

"by * auth" means "by users auth". Users are those who are already
authenticated. But they can't authenticate unless they can do that as
anonymous entities, i.e. before they're authenticated.

So: It should be "by anonymous auth".

Best,

Tony

-- 

Tony Earnshaw

When all's said and done ...
there's nothing left to say or do.

e-mail:		tonni@billy.demon.nl
www:		http://www.billy.demon.nl