[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [LDAP-SOFTWARE] ACLand regex (matching self)

To: OpenLDAP-software@OpenLDAP.org
Subject: Re: [LDAP-SOFTWARE] ACLand regex (matching self)
From: Ace Suares <ace@suares.nl>
Date: Sun, 23 Feb 2003 22:18:50 +0400
In-reply-to: <001a01c2db9c$c7b6c3e0$0e01a8c0@CELLO>
References: <001a01c2db9c$c7b6c3e0$0e01a8c0@CELLO>


> > b. Let the one that binds to the database as 'app=qwido'
> > (yes, that entry has
> > it's own userpassword) read the entry app=qwido and anything under it.
>
> No. 'access to dn="foo=bar"' gives access to exactly one entry "foo=bar"
> and nothing else. If you want to give access to everything under it, use
> access to dn.sub="foo=bar"
> instead.

My problem is, that it *does* give access to anything under it;
and that also oc=isp001,app=qwido suddenly appears to be able to read the 
whole tree. See further details in other message.

-ace
>
>   -- Howard Chu
>   Chief Architect, Symas Corp.       Director, Highland Sun
>   http://www.symas.com               http://highlandsun.com/hyc
>   Symas: Premier OpenSource Development and Support

References:
- RE: [LDAP-SOFTWARE] ACLand regex (matching self)
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: Re: [LDAP-SOFTWARE] ACLand regex (matching self)
Next by Date: Re: [LDAP-SOFTWARE] ACLand regex (matching self)
Index(es):
- Chronological
- Thread