Re: ACLs, groups, and regular expressions... oh my
Hi,
"Paul Wilson" <elviscious@rmci.net> writes:
> I have been trying to formulate an acl that will allow read access to the
> ldap server, if they are a member of any of the groups.
>
> Here is the acl I came up with:
>
> access to *
> by group="cn=(.*),dc=example,dc=com read
> by anonymous bind
> by * none
>
> Now as I see it anybody that is a member of any group there should get
> read access to the box. However, that of course, is not happening.
No, you don't have a group entry. Better use the dn.subtree
statement. See man (5) slapd.access
-Dieter
--
Dieter Kluenter | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter@schevolution.com
http://www.schevolution.com/tour
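
An added example, not part of the original thread: one way to write the ACL with the `dn.subtree` style from slapd.access(5) that the reply points to. The `ou=people` and `ou=groups` containers and the group names are assumptions. Variant A grants access by where the bound DN sits in the tree rather than by group membership.

```conf
# slapd.conf fragment (constructed example; container and group names
# below are hypothetical and must be adapted to the real DIT).

# Variant A: dn.subtree in the <who> clause.
# Any authenticated identity whose DN is ou=people,dc=example,dc=com or
# lies below it gets read access. Use dn.children instead to exclude the
# container entry itself.
# "by anonymous auth" lets unauthenticated clients perform the bind
# (compare userPassword) without being able to read anything.
# "by * none" makes the default deny explicit.
access to *
    by dn.subtree="ou=people,dc=example,dc=com" read
    by anonymous auth
    by * none

# Variant B: keep access tied to group membership.
# Each group clause names one existing group entry by its full DN.
# By default slapd looks for objectClass groupOfNames and checks the
# "member" attribute for the bound DN.
# Shown commented out: only one of the two variants should be active,
# because the first matching "access to *" directive ends the search.
#access to *
#    by group.exact="cn=admins,ou=groups,dc=example,dc=com" read
#    by group.exact="cn=staff,ou=groups,dc=example,dc=com" read
#    by anonymous auth
#    by * none
```

Within a directive the `by` clauses are evaluated in order and the first match wins, so the `by * none` catch-all has to stay last. slapacl(8) can evaluate the result for a given bind DN and target entry before the server is restarted.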