RE: Access Control
- Subject: RE: Access Control
- From: "Kiran Bacche" <kiran.bacche@wipro.com>
- Date: Fri, 16 May 2003 09:14:08 +0530
- Cc: <openldap-software@OpenLDAP.org>
Hi All
Anyone who can give info on the following access control query? (see
below)
Thanks in advance
Kiran
-----Original Message-----
From: Kiran Bacche
Sent: Thursday, May 15, 2003 1:50 PM
Cc: openldap-software@OpenLDAP.org
Subject: Access Control
I am using OpenLDAP on Red Hat Linux 8.0
Rootdn is "o=mydomain.com"
And I have three entries under it.
Entry 1. "ou=Unit1, o=mydomain.com"
Entry 2. "ou=Unit2, o=mydomain.com"
Entry 3. "ou=Unit3, o=mydomain.com"
All three have a userPassword attribute, set through the ldappasswd utility.
Now how should the access control in slapd.conf be so that
A) ldapmodify -h localhost -D "ou=Unit1, o=mydomain.com" -x -w passForUnit1 -f x.ldif
should allow modification of Entry 1.
But ldapmodify -h localhost -D "ou=Unit2, o=mydomain.com" -x -w passForUnit2 -f x.ldif
or ldapmodify -h localhost -D "ou=Unit3, o=mydomain.com" -x -w passForUnit3 -f x.ldif
should not.
x.ldif contains
dn: ou=Unit1, o=mydomain.com
Ou: Unit1
objectClass: organizationalUnit
B) Anyone can search the LDAP database, but they have to authenticate
with their respective passwords.
I thought of something like this
access *
    by dn="o=mydomina.com" write
    by self write
    by * read
But this did not help at all!
Thanks
Kiran
**************************Disclaimer************************************
Information contained in this E-MAIL being proprietary to Wipro Limited is
'privileged' and 'confidential' and intended for use only by the individual
or entity to which it is addressed. You are notified that any use, copying
or dissemination of the information contained in the E-MAIL in any manner
whatsoever is strictly prohibited.
***************************************************************************
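An ACL layout that would meet requirements A and B from the message above, as an added example that is not part of the original message or of the OpenLDAP distribution. It assumes the three ou entries bind with simple authentication against their own userPassword, and it uses the `access to <what> by <who> <access>` syntax from slapd.access(5) in current OpenLDAP 2.x releases (assumption: the keyword spelling has not been checked against the release shipped with Red Hat Linux 8.0).

```conf
# slapd.conf fragment (added example). Place it in the database section
# whose suffix is "o=mydomain.com". Continuation lines must begin with
# whitespace. The rootdn bypasses access rules, so it needs no "by" clause.
#
# slapd checks the directives in order and uses the first one whose <what>
# matches, so the userPassword rule has to come before the catch-all.

# Rule 1: password values.
#   self      -> each entry may change its own password
#   anonymous -> may only have the value compared during a bind
#   *         -> everyone else, including the other units, gets nothing
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Rule 2: every other attribute and entry.
#   self      -> "ou=Unit1, o=mydomain.com" may modify only its own entry (A)
#   users     -> any authenticated DN may search and read (B)
#   anonymous -> auth only: enough to bind, not enough to search
#   *         -> nothing
access to *
    by self write
    by users read
    by anonymous auth
    by * none
```

With these rules a bind as ou=Unit2 or ou=Unit3 matches `users` on Entry 1 and gets read access only, so the ldapmodify against ou=Unit1 is refused, while an unauthenticated search returns no entries.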