RE: sasl UID mapping



Hi Quanah,

On Sat, 17 Jan 2004, Quanah Gibson-Mount wrote:

> Paul,
> 
> I'm going to give you a helping hand. :)

Actually, I was already using some of your other posts to the lists 
as reference (well, perhaps not yours, but definitely 
from stanford.edu). :)

> Here's the beginning of our ACL file that allows this to happen without giving
> read access:
> 
> # $Id: slapd.acl,v 1.124 2003/12/18 03:16:42 quanah Exp $
> # ACL include file for slapd
> #
> 
> access to dn.base=""
>        by * read

ok, had this.

> access to dn.base="cn=monitor"
>        by * read

What is this for?
 
> access to *
>        by group.base="cn=ldapAdmin,cn=Applications,dc=stanford,dc=edu" sasl_ssf=56 read
>        by * break

Wouldn't this then prevent group.base="cn=ldapAdmin,cn=Applications,dc=stanford,dc=edu"
gaining any other permissions, e.g. write? Or do you have other more 
specific ACLs previous to this ACL?

> access to attrs=krb5PrincipalName,member,suseasstatus
>        by anonymous compare
>        by * break

This I have.

> access to attrs=entry
>        by * read
> 
> --Quanah

Thanks!

regards,
-- 
Paul Jakma	paul@clubi.ie	paul@jakma.org	Key ID: 64A2FF6A
	warning: do not ever send email to spam@dishone.st
Fortune:
There's something different about us -- different from people of Europe,
Africa, Asia ... a deep and abiding belief in the Easter Bunny.
		-- G. Gordon Liddy
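
A simplified model of how slapd walks the quoted ACL fragment, added here as an illustration (not code from either poster or from OpenLDAP): the first matching `by` clause decides, an omitted control means `stop`, and `break` hands evaluation to the next `access to` rule. The requesters, the target DN and the matcher functions are constructed for the example, and `sasl_ssf=56` is treated as a minimum strength.

```python
# Added illustration: a simplified model of slapd ACL evaluation covering only
# the <what>/<who> forms in the quoted fragment (assumption, not slapd's code).
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
ADMIN = "cn=ldapAdmin,cn=Applications,dc=stanford,dc=edu"
EVERYONE = lambda r: True

# (what-matcher, [(who-matcher, level or None, control)]); default control is stop.
ACL = [
    (lambda dn, attr: dn == "", [(EVERYONE, "read", "stop")]),
    (lambda dn, attr: dn == "cn=monitor", [(EVERYONE, "read", "stop")]),
    (lambda dn, attr: True, [
        # group member AND SASL security strength factor of at least 56
        (lambda r: ADMIN in r["groups"] and r["ssf"] >= 56, "read", "stop"),
        (EVERYONE, None, "break")]),
    (lambda dn, attr: attr.lower() in {"krb5principalname", "member", "suseasstatus"}, [
        (lambda r: r["anonymous"], "compare", "stop"),
        (EVERYONE, None, "break")]),
    (lambda dn, attr: attr.lower() == "entry", [(EVERYONE, "read", "stop")]),
]

def granted_level(acl, requester, dn, attr):
    """Return the access level the quoted fragment grants for dn/attr."""
    for what, by_clauses in acl:
        if not what(dn, attr):
            continue
        for who, level, control in by_clauses:
            if not who(requester):
                continue
            if control == "stop":
                return level   # first matching <who> decides, evaluation ends
            break              # "break": move on to the next "access to" rule
        else:
            return "none"      # implicit trailing "by * none stop"
    return "none"              # nothing applied: implicit "access to * by * none"

def allowed(acl, requester, dn, attr, wanted):
    return LEVELS.index(granted_level(acl, requester, dn, attr)) >= LEVELS.index(wanted)

# Constructed sample requesters and target entry.
admin = {"groups": {ADMIN}, "ssf": 128, "anonymous": False}
admin_weak = {"groups": {ADMIN}, "ssf": 0, "anonymous": False}
anon = {"groups": set(), "ssf": 0, "anonymous": True}
ENTRY = "uid=example,dc=stanford,dc=edu"

if __name__ == "__main__":
    for name, r in [("admin", admin), ("admin_weak", admin_weak), ("anon", anon)]:
        for attr in ("mail", "member", "entry"):
            print(name, attr, granted_level(ACL, r, ENTRY, attr))
```

The model covers only the clauses quoted in this message; rules placed earlier or later in the full ACL file would change the outcome.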