Re: ACL for only creating entry
Pierangelo,
do you consider yourself an ACL expert? (For all I know, you might have
invented ACLs! I am just a beginner (still, after one year fighting with
it).)

Because, I tested once again the following ACLs and it allowed me to create
an entry, but not read it.

If you are such an expert and know for sure that 'attrs=entry' is meaningless,
in this case, please be so kind and explain to me WHY. It seems to work. Maybe
my test setup is wrong - that happened to me before.

I haven't tested your suggestion yet (setting =xcsw) but previous tests that I
did turned out to always include r if you set w.
_Ace
# Allow read access of root DSE to ALL
access to dn=""
    by * read

# Allow read access of 'cn=Subschema' to ALL
access to dn="cn=Subschema"
    by * read

access to
    dn.regex="^qwidoManager=.+,qwidoRole=qwidoManager,qwidoApp=qwido$"
    attrs=entry
    by dn.exact="qwidoApp=qwido" write
    by * none

access to dn.regex=".*,qwidoRole=qwidoManager,qwidoApp=qwido$"
    by * none

access to dn.base="qwidoRole=qwidoManager,qwidoApp=qwido" attrs=children
    by dn.exact="qwidoApp=qwido" write
    by * none

access to dn.base="qwidoRole=qwidoManager,qwidoApp=qwido"
    by dn.exact="qwidoApp=qwido" write
    by * none

access to dn.regex=".*,qwidoApp=qwido$"
    by * none

access to dn.base="qwidoApp=qwido" attrs=userpassword
    by self read
    by anonymous auth
    by * none

access to dn.base="qwidoApp=qwido" attrs=children
    by dn.exact="qwidoApp=qwido" write
    by * none

access to dn.base="qwidoApp=qwido"
    by self read
    by * none

access to *
    by * none
Greetings,
ace
website: http://www.suares.nl * http://www.qwikzite.nl