[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: problem with access control

To: openldap-software@OpenLDAP.org
Subject: Re: problem with access control
From: Ottavio Campana <ottavio@campana.vi.it>
Date: Mon, 08 Mar 2004 19:09:56 +0100
In-reply-to: <20040308173354.GA37753@leela.mars.de>
References: <404CA729.7090207@campana.vi.it> <20040308173354.GA37753@leela.mars.de>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20031221 Thunderbird/0.4

Frank Thyes wrote:

Should be enough....

by the way, I'm thinking that maybe I can get some collision beetwen the access rules. I've got:

access to attribute=userPassword
        by dn="cn=amministratore,dc=campana,dc=vi,dc=it" write
        by anonymous auth
        by self write
        by * none


access to dn.base="" by * read


access to *
        by dn="cn=amministratore,dc=campana,dc=vi,dc=it" write
        by * read


access to dn.subtree="ou=Ottavio,ou=Rubriche,dc=campana,dc=vi,dc=it"
        by dn="uid=bott,ou=Users,dc=campana,dc=vi,dc=it" write
        by * none

maybe is the third rule that isn't hidden by the last one?

In this situation how should I change the third rule so that everyone doesn't get read access to ou=Rubriche,dc=campana,dc=vi,dc=it and everything in it?

And on one last thing: can I create a rule that allows cn=amministratore,dc=campana,dc=vi,dc=it to login only from localhost?

--
Non c'è più forza nella normalità, c'è solo monotonia.

Attachment: signature.asc
Description: OpenPGP digital signature

Follow-Ups:
- ACL questions.
  - From: Diego Julian Remolina <dijuremo@math.gatech.edu>

References:
- problem with access control
  - From: Ottavio Campana <ottavio@campana.vi.it>

Prev by Date: Re: problem with access control
Next by Date: Re: problem with access control
Index(es):
- Chronological
- Thread