
RE: ldap access



If I read correctly, the only change was to add 'by * break'. I
tried that, first only in the dc=employee section and then in
both sections. I got the same results. All the searches worked
as before, but the modify gave 'insufficient access(50)' (as
before). I also tried adding the write acl for douglas to them,
but that gave the same error. I put the write acl for douglas
right before the 'by * break'. Any ideas? I appreciate the help!

-----Original Message-----
From: Quanah Gibson-Mount [mailto:quanah@stanford.edu]
Sent: Friday, January 23, 2004 3:29 PM
To: Douglas B. Jones; openldap-software@OpenLDAP.org
Subject: Re: ldap access




--On Friday, January 23, 2004 3:01 PM -0500 "Douglas B. Jones"
<douglas@gpc.edu> wrote:

> access  to attr=userPassword
>         by anonymous auth
>         by users auth
          by * break
>
> access  to attrs=entry,uid,sn,mail,ou,cn,givenname
>         by users read
>         by anonymous read
          by * break
>
> access to *
>         by dn="uid=douglas,dc=employee,dc=gpc,dc=edu" write

You might try this.  Right now, you are saying that douglas has write to
everything but the first two things you already defined ACLs for.  If that
doesn't work, add the
by dn="uid=douglas,dc=employee,dc=gpc,dc=edu" write
to the previous two ACLs as well.

--Quanah


--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
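
The following is an added example, not part of the original messages and not OpenLDAP code: a simplified Python model of slapd's ACL evaluation order (first matching `access to`, then first matching `by`, with `break` moving on to the next directive), applied to the ACLs quoted in this thread. It assumes exact-DN matching only, and the `OTHER` DN and the `DN_FIRST` ordering are constructed for illustration.

```python
# Simplified model of slapd ACL evaluation order (added example, not OpenLDAP code).
# The first "access to <what>" matching the attribute is used; inside it the first
# matching "by <who>" wins and evaluation stops, unless its control is "break".
DOUGLAS = "uid=douglas,dc=employee,dc=gpc,dc=edu"   # DN from the thread
OTHER = "uid=someone,dc=employee,dc=gpc,dc=edu"     # constructed sample DN

def who_matches(who, bind_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None   # any authenticated identity
    return who == bind_dn            # exact dn="..." form only

def access_level(acls, bind_dn, attr):
    for what, by_clauses in acls:
        if what != "*" and attr not in what:
            continue
        for who, level, control in by_clauses:
            if who_matches(who, bind_dn):
                if control == "break":
                    break            # move on to the next matching directive
                return level
        else:
            return "none"            # implicit "by * none" ends every directive
    return "none"                    # implicit final "access to * by * none"

READABLE = {"entry", "uid", "sn", "mail", "ou", "cn", "givenname"}
WRITE_ALL = ("*", [(DOUGLAS, "write", "stop")])

# As quoted, with "by * break" added: anonymous/users match everyone before it.
AS_POSTED = [
    ({"userPassword"}, [("anonymous", "auth", "stop"), ("users", "auth", "stop"), ("*", None, "break")]),
    (READABLE, [("users", "read", "stop"), ("anonymous", "read", "stop"), ("*", None, "break")]),
    WRITE_ALL,
]

# Constructed variant: the specific dn is listed ahead of the broader clauses.
DN_FIRST = [
    ({"userPassword"}, [(DOUGLAS, "write", "stop"), ("anonymous", "auth", "stop"), ("users", "auth", "stop")]),
    (READABLE, [(DOUGLAS, "write", "stop"), ("users", "read", "stop"), ("anonymous", "read", "stop")]),
    WRITE_ALL,
]

if __name__ == "__main__":
    for name, acls in (("as posted", AS_POSTED), ("dn first", DN_FIRST)):
        for attr in ("mail", "userPassword", "telephoneNumber"):
            print(name, attr, access_level(acls, DOUGLAS, attr))
```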