[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL to permit access to some attributes

To: Tony Earnshaw <tonye@billy.demon.nl>, Openldap list <openldap-software@OpenLDAP.org>
Subject: Re: ACL to permit access to some attributes
From: Quanah Gibson-Mount <quanah@stanford.edu>
Date: Fri, 02 Apr 2004 12:55:49 -0800
Content-disposition: inline
In-reply-to: <1080936288.2211.31.camel@localhost>
References: <406852D1.17DBB92B@fadesa.es> <2676543445.1080555809@cadabra.stanford.edu> <4069B1E0.3FFC53A@fadesa.es> <2761852313.1080641120@cadabra.stanford.edu> <406AAEA3.8FBFF216@fadesa.es> <65169568.1080726736@cadabra.stanford.edu> <406C438F.5B39E4AA@fadesa.es> <310260340.1080815810@cadabra-dsl.stanford.edu> <406D3EB1.29433DCB@fadesa.es> <1080908844.31403.24.camel@localhost> <241216831.1080902787@cadabra.stanford.edu> <1080936288.2211.31.camel@localhost>

--On Friday, April 02, 2004 10:04 PM +0200 Tony Earnshaw <tonye@billy.demon.nl> wrote:

fre, 02.04.2004 kl. 20.46 skrev Quanah Gibson-Mount:

> access to dn="dc=fadesa,dc=es"
>   attr=userPassword
>   by self write
>   by dn="cn=admin,(whatever it is)" write
>   by anonymous auth
>   by * none
>

Yeah, that is the example he was looking at though, not the acl he's
currently using:

Huh? He had no base dn.


These are his current acl's:

access to dn.base=""
by * read
by * break

access to dn.base="cn=Subschema"
by * read
by * break

access to dn.children="dc=fadesa,dc=es" attrs=objectclass,mail
by * read

Those have the base DN in where needed. ;)


What he said was, I saw this ACL as an example:

access to attrs=userPassword
       by self write
       by dn.exact="cn=admin,ou=users,dc=domain" write
       by anonymous auth

Not that he was using it. ;)

Also, it is attrs= not attr= :)
*shrug* - both work; I use attr for one, attrs for more than one.

Hm, I'll have to remember that... I don't see attr= documented in slapd.access, I wonder if that is a bug.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html

Follow-Ups:
- Re: ACL to permit access to some attributes
  - From: Tony Earnshaw <tonye@billy.demon.nl>

References:
- Re: ACL to permit access to some attributes
  - From: "José M. Fandiño" <ldap@fadesa.es>
- Re: ACL to permit access to some attributes
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: ACL to permit access to some attributes
  - From: "José M. Fandiño" <ldap@fadesa.es>
- Re: ACL to permit access to some attributes
  - From: Tony Earnshaw <tonye@billy.demon.nl>
- Re: ACL to permit access to some attributes
  - From: Quanah Gibson-Mount <quanah@stanford.edu>
- Re: ACL to permit access to some attributes
  - From: Tony Earnshaw <tonye@billy.demon.nl>

Prev by Date: Transferring LDAP databases between dissimilar DBs
Next by Date: Re: ACL to permit access to some attributes
Index(es):
- Chronological
- Thread