[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: [LDAP-SOFTWARE] ACLand regex (matching self)

To: OpenLDAP-software@OpenLDAP.org
Subject: Re: [LDAP-SOFTWARE] ACLand regex (matching self)
From: Ace Suares <ace@suares.nl>
Date: Mon, 24 Feb 2003 23:45:55 +0400
In-reply-to: <200302242313.54822.ace@suares.nl>
References: <200302242313.54822.ace@suares.nl>

>
> 1. is it normal that these things (whatever they are) need to be defined by
> me, the admin (or user if you prefer) ?
>
> 2. if so, where can I find a list of all the things I need to give ACL's
> for ?
>
> I am totally flabbergasted. I can't find any reference to these 'things' in
> any of the standard docs (man pages and admin guide).
>

I found something on a mialing list for redhat 7.2
https://listman.redhat.com/pipermail/enigma-list/2003-January/018306.html

# Sample Access Control
#       Allow read access of root DSE
#       Allow self write access
#       Allow authenticated users read access
#       Allow anonymous users to authenticate
#
#access to dn="" by * read
#access to *
#       by self write
#       by users read
#       by anonymous auth


Of course, only the first acl is interesting:
#Allow read access of root DSE
access to dn="" by * read

I put the in my ACL, but then the next thing that went wrong is:

Feb 25 03:10:04 curacao slapd[864]: => access_allowed: search access to 
"cn=Subschema" "objectClass" requested

So, now I suspect that somewhere a DN 'cn=Subschema' must exist. But, that is 
not in the root DSE anymore, if I understand this correctly. Do I need to 
make these dn's or are they 'system' dn's ?

_Ace

PS This seems to be a problemwith GQ (0.4.0) because with ldapexplorer these 
subschema's are not requested.

Follow-Ups:
- Re: [LDAP-SOFTWARE] ACLand regex (matching self)
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

References:
- Re: [LDAP-SOFTWARE] ACLand regex (matching self)
  - From: Ace Suares <ace@suares.nl>

Prev by Date: Re: SASL Segfault
Next by Date: Re: TLS question
Index(es):
- Chronological
- Thread