[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: OpenLDAP 2.1 and ACL

Subject: Re: OpenLDAP 2.1 and ACL
From: Mitrana Cristian <cmitrana@xnet.ro>
Date: Mon, 03 Feb 2003 15:41:57 +0200
Cc: openldap-software@OpenLDAP.org
In-reply-to: <00c601c2cb0b$a783b2a0$0f06a8c0@oulx>
References: <016801c2ba8c$5f5cf2f0$0f06a8c0@oulx> <1043743188.16001.49.camel@localhost> <005201c2caef$c728f5a0$0f06a8c0@oulx> <200302022106.55408.peter.marschall@mayn.de> <00c601c2cb0b$a783b2a0$0f06a8c0@oulx>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021203

Emmanuel Blot wrote:

access to * by * read


Yes, it works.
The problem is that if this line does not appear at the end of the file, I get the 'entry'
attribute issue.
Is this rule always required ?

I'm frightened to forget one of the above rules in the ACL definition and that some important
attributes could therefore be read by anyone...

I've tried to reduce this final rule to

access to *
 by * search

and it fails.

Thanks,
Emmanuel.

I think it's stated in the admin guide that giving access to "attr=..." you will have to add access to "entry" which refers to the ldap entry (thought as a row in a RDBMS db) itself. Try reading again the chapter about ACL in the admin guide.

hth,
mitu

References:
- Re: OpenLDAP 2.1 and ACL
  - From: "Emmanuel Blot" <emmanuel.blot@free.fr>
- Re: OpenLDAP 2.1 and ACL
  - From: Peter Marschall <peter.marschall@mayn.de>
- Re: OpenLDAP 2.1 and ACL
  - From: "Emmanuel Blot" <emmanuel.blot@free.fr>

Prev by Date: Windows compile & install - help needed
Next by Date: Re: restart the LDAP
Index(es):
- Chronological
- Thread