[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP 2.1 and ACL

To: "Tony Earnshaw" <tonni@billy.demon.nl>
Subject: Re: OpenLDAP 2.1 and ACL
From: "Emmanuel Blot" <emmanuel.blot@free.fr>
Date: Sun, 2 Feb 2003 20:17:49 +0100
Cc: <openldap-software@OpenLDAP.org>
References: <016801c2ba8c$5f5cf2f0$0f06a8c0@oulx> <HBF.20030113kanr@bombur.uio.no><013f01c2bfe5$fa31f830$0f06a8c0@oulx> <HBF.20030121c88n@bombur.uio.no> <0ad801c2c588$d25cb3b0$0f06a8c0@oulx> <1043670061.5828.55.camel@localhost> <0d8701c2c65d$50973460$0f06a8c0@oulx> <1043743188.16001.49.camel@localhost>

> By filtering things like 'sn' and 'cn', you're only making everything
> doubly difficult for yourself. Why don't you just start with a
> bare-bones ACL and add what you want, one thing at a time, till it
> breaks? That's the way I do it.

I tried...

1/ with (only):
access to attr=userPassword
       by self write
       by anonymous auth

OpenLDAP complains it can't read 'cn' attribute (when the request filter is cn=<somevalue>).

2/ with (only):
access to attr=userPassword
       by self write
       by anonymous auth

access to attr=cn
       by * read

OpenLDAP starts to complain it cannot read 'entry' attribute...

I really don't know what would be a simpler ACL...

Could you send me yours ?

Thanks
Emmanuel.

Follow-Ups:
- Re: OpenLDAP 2.1 and ACL
  - From: Peter Marschall <peter.marschall@mayn.de>
- Re: OpenLDAP 2.1 and ACL
  - From: Tony Earnshaw <tonni@billy.demon.nl>

Prev by Date: Re: How to change the login look up order with LDAP?
Next by Date: Looks like a bug 8'(
Index(es):
- Chronological
- Thread