[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: slapd and permissions

To: Jernej Kos <kostko@jweb-network.net>
Subject: Re: slapd and permissions
From: Pierangelo Masarati <ando@sys-net.it>
Date: Fri, 09 Apr 2004 15:38:29 +0200
Cc: openldap-software@OpenLDAP.org
References: <200404091449.41210.kostko@jweb-network.net> <4076A244.5070507@sys-net.it> <200404091532.31590.kostko@jweb-network.net>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.1) Gecko/20021003

Jernej Kos wrote:

Well, i am using OpenLDAP version 2.1.26, now i have even added ".regex" where needed. But it still doesn't work :( Users still don't have write access to their objects inside "Domains".

Now it looks like this and should be 2.1 and 2.2 compatible :P. access to dn.regex="ou=Domains,uid=(.*),ou=Drones,dc=unimatrix-one,dc=org" by dn="cn=root,dc=unimatrix-one,dc=org" write by dn="cn=borgd,dc=unimatrix-one,dc=org" write by dn.regex="uid=$1,ou=Drones,dc=unimatrix-one,dc=org" write by * read

OK. Now you should specify what kind of write access you need and you don't get with this ACL. In slapd.acces(5) of 2.2 you'll find a clear description of the access level you need to each portion of an entry for each operation. You should also indicate what identity you're using; you could look at logging with level 16 (ACL) to see whhere in the ACL check your access fails.

p.


   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497

Follow-Ups:
- Re: slapd and permissions
  - From: Pierangelo Masarati <ando@sys-net.it>
- Re: slapd and permissions
  - From: Jernej Kos <kostko@jweb-network.net>

References:
- slapd and permissions
  - From: Jernej Kos <kostko@jweb-network.net>
- Re: slapd and permissions
  - From: Pierangelo Masarati <ando@sys-net.it>
- Re: slapd and permissions
  - From: Jernej Kos <kostko@jweb-network.net>

Prev by Date: SSL certificates, kerberos keytabs, and load balancing
Next by Date: Re: slapd and permissions
Index(es):
- Chronological
- Thread