[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [LDAP-SOFTWARE] ACLand regex (matching self)




> > b. Let the one that binds to the database as 'app=qwido'
> > (yes, that entry has
> > it's own userpassword) read the entry app=qwido and anything under it.
>
> No. 'access to dn="foo=bar"' gives access to exactly one entry "foo=bar"
> and nothing else. If you want to give access to everything under it, use
> access to dn.sub="foo=bar"
> instead.

My problem is, that it *does* give access to anything under it;
and that also oc=isp001,app=qwido suddenly appears to be able to read the 
whole tree. See further details in other message.

-ace
>
>   -- Howard Chu
>   Chief Architect, Symas Corp.       Director, Highland Sun
>   http://www.symas.com               http://highlandsun.com/hyc
>   Symas: Premier OpenSource Development and Support