Re: ACL to permit access to some attributes

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Friday, April 02, 2004 2:27 PM +0200 Tony Earnshaw 
<tonye@billy.demon.nl> wrote:

> fre, 02.04.2004 kl. 12.21 skrev José M. Fandiño:
>
> > Quanah,
> >
> > first of all thank you for help me with this, you are the only
> > man in the list who try to resolve the problem.
>
> Hmmm ... can't let that pass :)
>
> > access to attrs=userPassword
> >         by self write
> >         by dn.exact="cn=admin,ou=users,dc=domain" write
> >         by anonymous auth
>
> Specify a base:
>
> access to dn="dc=fadesa,dc=es"
>   attr=userPassword
>   by self write
>   by dn="cn=admin,(whatever it is)" write
>   by anonymous auth
>   by * none

Yeah, that is the example he was looking at though, not the acl he's 
currently using:

access to dn.children="dc=fadesa,dc=es" attrs=objectclass,mail by * read

is his current one (see output).

Also, it is attrs= not attr= :)

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html