[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Simple ACL problem
Mensaje citado por Darren Gamble <Darren.Gamble@sjrb.ca>:
| Good day,
|
| I'm just trying to set up a simple ACL that lets users look at their own
| attributes, change their passwords, and not have access to the LDAP tree
| outside of the accounts subtree.
I only see write access to self with the password attr but they don't
seem to have write access to the accounts tree. The only write access to
the subtree seems to be the admin but I'm far from being an expert.
Hope this helps,
ed
|
| The ACL works, except that for some reason users can't modify their own
| passwords (the admin user can, though), instead getting an error 32 (no such
| object). As near as I can tell, the ACL _is_ set up properly, according to
| 5.3 in the 2.0 Admin Guide.
|
| Does anyone see the error? Using 2.0.27 on Red Hat 7.2 (we'll be upgrading
| to 2.1.X in the near future).
|
|
| access to attr=userPassword
| by dn="cn=admin,o=Shaw Cablesystems,c=CA" write
| by self write
| by * auth
|
| access to dn.subtree="ou=Accounts,o=Shaw Cablesystems,c=CA"
| by dn="cn=admin,o=Shaw Cablesystems,c=CA" write
| by * read
|
| access to *
| by dn="cn=admin,o=Shaw Cablesystems,c=CA" write
| by self read
| by * none
|
|
|
| Thanks in advance,
|
| ============================
| Darren Gamble
| Planner, Regional Services
| Shaw Cablesystems GP
| 630 - 3rd Avenue SW
| Calgary, Alberta, Canada
| T2P 4L4
| (403) 781-4948
|
|
--
-------------------------------------------------