
Re: OpenLDAP 2.1 and ACL



> By filtering things like 'sn' and 'cn', you're only making everything
> doubly difficult for yourself. Why don't you just start with a
> bare-bones ACL and add what you want, one thing at a time, till it
> breaks? That's the way I do it.

I tried...

1/ with (only):
access to attr=userPassword
       by self write
       by anonymous auth

OpenLDAP complains it can't read 'cn' attribute (when the request filter is cn=<somevalue>).

2/ with (only):
access to attr=userPassword
       by self write
       by anonymous auth

access to attr=cn
       by * read

OpenLDAP starts to complain it cannot read 'entry' attribute...

I really don't know what would be a simpler ACL...

Could you send me yours?

Thanks
Emmanuel.
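
Added example (not part of the original message, and not OpenLDAP code): a simplified Python model of slapd's first-match ACL evaluation, with the implicit `by * none` and the implicit final deny, run against the two ACLs in the message and a third that appends a catch-all `access to * by * read`. The check order (filter attribute, then `entry`) is an assumption taken from the errors reported above; the function names and the sample DN are constructed.

```python
# Simplified model of slapd ACL evaluation (added illustration, not OpenLDAP code).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def who_matches(who, requester, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "self":
        return requester is not None and requester == entry_dn
    return False

def granted_level(acl, attr, requester, entry_dn):
    for what, by_list in acl:
        if what == "*" or attr in what:
            # Only the first clause whose <what> matches is consulted.
            for who, level in by_list:
                if who_matches(who, requester, entry_dn):
                    return level
            return "none"  # implicit trailing "by * none"
    return "none"  # implicit final "access to * by * none"

def allowed(acl, attr, want, requester, entry_dn):
    got = granted_level(acl, attr, requester, entry_dn)
    return LEVELS.index(got) >= LEVELS.index(want)

def first_denied(acl, filter_attr, requester, entry_dn):
    # Assumed check order, taken from the errors in the message:
    # filter attribute first, then the "entry" pseudo-attribute.
    for attr, want in [(filter_attr, "search"), ("entry", "read"), (filter_attr, "read")]:
        if not allowed(acl, attr, want, requester, entry_dn):
            return attr
    return None

DN = "cn=test,dc=example,dc=com"  # constructed sample entry
PASSWORD_RULE = ({"userPassword"}, [("self", "write"), ("anonymous", "auth")])
ACL_1 = [PASSWORD_RULE]                                # attempt 1/
ACL_2 = [PASSWORD_RULE, ({"cn"}, [("*", "read")])]     # attempt 2/
ACL_3 = [PASSWORD_RULE, ("*", [("*", "read")])]        # plus "access to * by * read"

if __name__ == "__main__":
    for name, acl in [("1/", ACL_1), ("2/", ACL_2), ("catch-all", ACL_3)]:
        print(name, "anonymous search (cn=...) first denied on:", first_denied(acl, "cn", None, DN))
    print("other user on userPassword:", granted_level(ACL_3, "userPassword", "cn=other,dc=example,dc=com", DN))
```

With the catch-all clause placed last, `userPassword` still evaluates to `none` for other authenticated users, because evaluation stops at the first clause whose target matches.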