Re: [LDAP-SOFTWARE] ACL and regex (matching self)
>
> 1. is it normal that these things (whatever they are) need to be defined by
> me, the admin (or user if you prefer) ?
>
> 2. if so, where can I find a list of all the things I need to give ACL's
> for ?
>
> I am totally flabbergasted. I can't find any reference to these 'things' in
> any of the standard docs (man pages and admin guide).
>
I found something on a mailing list for Red Hat 7.2:
https://listman.redhat.com/pipermail/enigma-list/2003-January/018306.html
# Sample Access Control
# Allow read access of root DSE
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
#
#access to dn="" by * read
#access to *
# by self write
# by users read
# by anonymous auth
Of course, only the first ACL is interesting:
#Allow read access of root DSE
access to dn="" by * read
I put that in my ACL, but then the next thing that went wrong is:
Feb 25 03:10:04 curacao slapd[864]: => access_allowed: search access to
"cn=Subschema" "objectClass" requested
So, now I suspect that somewhere a DN 'cn=Subschema' must exist. But, that is
not in the root DSE anymore, if I understand this correctly. Do I need to
make these DNs or are they 'system' DNs?
_Ace
PS This seems to be a problem with GQ (0.4.0), because with ldapexplorer these
subschemas are not requested.
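
An added example, not part of the original message: a small Python parser that reads slapd `access_allowed` request lines like the one quoted above and lists which DNs and attributes clients actually ask for, so each can be checked against the ACLs. Only the first sample line comes from the post (unwrapped onto one line); the other log lines and the function names are constructed for illustration.

```python
import re
from collections import Counter

# Sample input. Line 1 is the slapd message from the post, unwrapped.
# The remaining lines are constructed in the same format for this example.
SAMPLE_LOG = '''\
Feb 25 03:10:04 curacao slapd[864]: => access_allowed: search access to "cn=Subschema" "objectClass" requested
Feb 25 03:10:04 curacao slapd[864]: => access_allowed: read access to "" "entry" requested
Feb 25 03:10:05 curacao slapd[864]: => access_allowed: read access to "" "namingContexts" requested
Feb 25 03:10:05 curacao slapd[864]: => access_allowed: search access to "cn=Subschema" "objectClass" requested
Feb 25 03:10:06 curacao slapd[864]: conn=3 op=1 SRCH base="cn=Subschema" scope=0
'''

# Matches: => access_allowed: <level> access to "<dn>" "<attribute>" requested
REQUEST = re.compile(
    r'=> access_allowed: (\w+) access to "([^"]*)" "([^"]*)" requested'
)


def requested_access(log_text):
    """Count (dn, attribute, level) triples seen in access_allowed requests."""
    counts = Counter()
    for line in log_text.splitlines():
        match = REQUEST.search(line)
        if match:
            level, dn, attr = match.groups()
            counts[(dn, attr, level)] += 1
    return counts


def dns_needing_acl(log_text):
    """Distinct DNs that clients requested; the empty DN "" is the root DSE."""
    return sorted({dn for dn, _attr, _level in requested_access(log_text)})


if __name__ == "__main__":
    for (dn, attr, level), n in sorted(requested_access(SAMPLE_LOG).items()):
        print(f'{n:3d}  {level:<7} dn="{dn}" attr={attr}')
    print("DNs to cover in ACLs:", dns_needing_acl(SAMPLE_LOG))
```

Lines that a mail client or syslog viewer has wrapped, as in the message above, need to be rejoined before they will match.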