[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL's and madness

To: ldap list <openldap-software@OpenLDAP.org>
Subject: Re: ACL's and madness
From: Mitrana Cristian <cmitrana@xnet.ro>
Date: Thu, 20 Feb 2003 10:34:01 +0200
In-reply-to: <1045709232.1197.32.camel@localhost.localdomain>
References: <1045709232.1197.32.camel@localhost.localdomain>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.2) Gecko/20021203

Tom Possin wrote:
bonehead mistake that I am blind to.


#authenticated users can create and modify private child entries(theory)
access to dn=".*,uid=.*,ou=users,ou=People,dc=home,dc=com"
	by dn="$1" write
	by anonymous auth


I don't have an environment to test it, but you can try something of :

access to dn.subtree="uid=([^,]+),ou=users,ou=People,dc=home,dc=com"
	by dn="$1,ou=users,ou=People,dc=home,dc=com write
	by * none
(could be "children" instead of "subtree" but I don't even have
and entry in the man section for slapd.acces).
I'll try something that really workds when I get the chance to
fire up slapd :) and  get back to you.

hth,
mitu

Follow-Ups:
- Re: ACL's and madness
  - From: Tony Earnshaw <tonni@billy.demon.nl>

References:
- ACL's and madness
  - From: Tom Possin <tpossin@ywammt.org>

Prev by Date: Re: OpenLdap/SASL/TLS ...
Next by Date: Re: ACL's and madness
Index(es):
- Chronological
- Thread