
Simple ACL problem



Good day,

I'm just trying to set up a simple ACL that lets users look at their own
attributes, change their passwords, and not have access to the LDAP tree
outside of the accounts subtree.

The ACL works, except that for some reason users can't modify their own
passwords (the admin user can, though), instead getting an error 32 (no such
object).  As near as I can tell, the ACL _is_ set up properly, according to
5.3 in the 2.0 Admin Guide.

Does anyone see the error?  Using 2.0.27 on Red Hat 7.2 (we'll be upgrading
to 2.1.X in the near future).


access to attr=userPassword
        by dn="cn=admin,o=Shaw Cablesystems,c=CA" write
        by self write
        by * auth

access to dn.subtree="ou=Accounts,o=Shaw Cablesystems,c=CA"
        by dn="cn=admin,o=Shaw Cablesystems,c=CA" write
        by * read

access to *
        by dn="cn=admin,o=Shaw Cablesystems,c=CA" write
        by self read
        by * none



Thanks in advance,

============================
Darren Gamble
Planner, Regional Services
Shaw Cablesystems GP
630 - 3rd Avenue SW
Calgary, Alberta, Canada
T2P 4L4
(403) 781-4948
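
Added example, not part of the original message and not slapd code: a simplified Python model of first-match ACL evaluation (the first `access to` clause whose target matches decides, then the first matching `by` line inside it, with an implicit `by * none`), applied to the three clauses posted above to show which clause decides a given request. The function names, the DN normalisation and the exact-match handling of `by dn=` are assumptions of this model; it does not reproduce slapd 2.0.27's parsing or the error 32 described in the message.

```python
# The three clauses from the post, in the posted order.
ACL_TEXT = '''
access to attr=userPassword
  by dn="cn=admin,o=Shaw Cablesystems,c=CA" write
  by self write
  by * auth
access to dn.subtree="ou=Accounts,o=Shaw Cablesystems,c=CA"
  by dn="cn=admin,o=Shaw Cablesystems,c=CA" write
  by * read
access to *
  by dn="cn=admin,o=Shaw Cablesystems,c=CA" write
  by self read
  by * none
'''

def norm(dn):  # simplified DN normalisation (assumption): lower-case, trimmed RDNs
    return ",".join(p.strip().lower() for p in dn.split(","))

def parse(text):
    rules = []  # list of (what, [(who, level), ...])
    for line in map(str.strip, text.splitlines()):
        if line.startswith("access to "):
            rules.append((line[len("access to "):], []))
        elif line.startswith("by "):
            rules[-1][1].append(tuple(line[3:].rsplit(None, 1)))
    return rules

def what_matches(what, entry, attr):
    kind, _, value = what.partition("=")
    if kind == "attr":
        return attr.lower() == value.lower()
    if kind == "dn.subtree":  # the base entry itself or anything below it
        return ("," + norm(entry)).endswith("," + norm(value.strip('"')))
    return what == "*"

def who_matches(who, requester, entry):  # requester None = anonymous bind
    if who == "*" or requester is None:
        return who == "*"
    target = entry if who == "self" else who[3:].strip('"')  # dn="..." as exact match
    return norm(requester) == norm(target)

def effective(requester, entry, attr):
    """Return (deciding clause number, level) for one requester/entry/attribute."""
    for n, (what, bys) in enumerate(parse(ACL_TEXT), 1):
        if what_matches(what, entry, attr):
            hit = next((lvl for who, lvl in bys if who_matches(who, requester, entry)), "none")
            return n, hit  # no <who> matched -> implicit "by * none"
    return 0, "none"
```

Calling `effective(requester_dn, entry_dn, attribute)` with `None` as the requester models an anonymous bind; under this model every non-password attribute below `ou=Accounts` is decided by the second clause, so the `by self read` line in the third clause is only reached for entries outside that subtree.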