[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: problem with access control



Frank Thyes wrote:
Should be enough....

by the way, I'm thinking that maybe I can get some collision beetwen the access rules. I've got:


access to attribute=userPassword
        by dn="cn=amministratore,dc=campana,dc=vi,dc=it" write
        by anonymous auth
        by self write
        by * none


access to dn.base="" by * read


access to * by dn="cn=amministratore,dc=campana,dc=vi,dc=it" write by * read


access to dn.subtree="ou=Ottavio,ou=Rubriche,dc=campana,dc=vi,dc=it" by dn="uid=bott,ou=Users,dc=campana,dc=vi,dc=it" write by * none

maybe is the third rule that isn't hidden by the last one?

In this situation how should I change the third rule so that everyone doesn't get read access to ou=Rubriche,dc=campana,dc=vi,dc=it and everything in it?

And on one last thing: can I create a rule that allows cn=amministratore,dc=campana,dc=vi,dc=it to login only from localhost?

--
Non c'è più forza nella normalità, c'è solo monotonia.

Attachment: signature.asc
Description: OpenPGP digital signature