Re: OpenLDAP 2.1 and ACL
- To: "Tony Earnshaw" <tonni@billy.demon.nl>
- Subject: Re: OpenLDAP 2.1 and ACL
- From: "Emmanuel Blot" <emmanuel.blot@free.fr>
- Date: Sun, 2 Feb 2003 20:17:49 +0100
- Cc: <openldap-software@OpenLDAP.org>
- References: <016801c2ba8c$5f5cf2f0$0f06a8c0@oulx> <HBF.20030113kanr@bombur.uio.no><013f01c2bfe5$fa31f830$0f06a8c0@oulx> <HBF.20030121c88n@bombur.uio.no> <0ad801c2c588$d25cb3b0$0f06a8c0@oulx> <1043670061.5828.55.camel@localhost> <0d8701c2c65d$50973460$0f06a8c0@oulx> <1043743188.16001.49.camel@localhost>
> By filtering things like 'sn' and 'cn', you're only making everything
> doubly difficult for yourself. Why don't you just start with a
> bare-bones ACL and add what you want, one thing at a time, till it
> breaks? That's the way I do it.
I tried...
1/ with (only):
access to attr=userPassword
    by self write
    by anonymous auth
OpenLDAP complains it can't read 'cn' attribute (when the request filter is cn=<somevalue>).
2/ with (only):
access to attr=userPassword
    by self write
    by anonymous auth
access to attr=cn
    by * read
OpenLDAP starts to complain it cannot read 'entry' attribute...
I really don't know what would be a simpler ACL...
Could you send me yours?
Thanks
Emmanuel.
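
The sketch below is an added example, not part of the original message and not OpenLDAP code. It is a simplified model of slapd's first-match access evaluation, including the implicit "by * none" and "access to * by * none" defaults and the 'entry' pseudo-attribute, run over the two ACLs quoted above. ACL_3 and all function names are constructed for illustration.

```python
# Simplified model of slapd access evaluation (illustrative only).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

ACL_1 = """
access to attr=userPassword
    by self write
    by anonymous auth
"""
ACL_2 = ACL_1 + """
access to attr=cn
    by * read
"""
# Constructed variant: also grants read on the 'entry' pseudo-attribute.
ACL_3 = ACL_1 + """
access to attr=cn,entry
    by * read
"""

def parse_acl(text):
    """Turn 'access to attr=a,b' / 'by <who> <level>' lines into rules."""
    rules = []
    for line in text.strip().splitlines():
        words = line.split()
        if words[:2] == ["access", "to"]:
            what = words[2]
            attrs = None if what == "*" else set(what.split("=", 1)[1].split(","))
            rules.append((attrs, []))
        elif words and words[0] == "by":
            rules[-1][1].append((words[1], words[2]))
    return rules

def granted(rules, who, attr):
    """First matching 'access to' wins, then its first matching 'by'."""
    for attrs, clauses in rules:
        if attrs is None or attr in attrs:
            for subject, level in clauses:
                if subject in ("*", who):
                    return level
            return "none"  # implicit "by * none" ends every clause list
    return "none"          # implicit "access to * by * none" ends the ACL

def first_denied(rules, who, filter_attr):
    """Attribute that blocks a search on filter_attr, or None if allowed."""
    # Filter matching needs 'search' on the attribute; returning the
    # entry needs 'read' on the 'entry' pseudo-attribute.
    for attr, need in [(filter_attr, "search"), ("entry", "read")]:
        if LEVELS.index(granted(rules, who, attr)) < LEVELS.index(need):
            return attr
    return None
```
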