[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: slapd and permissions
Well, i am using OpenLDAP version 2.1.26, now i have even added ".regex" where
needed. But it still doesn't work :( Users still don't have write access to
their objects inside "Domains".
Now it looks like this and should be 2.1 and 2.2 compatible :P.
access to dn.regex="ou=Domains,uid=(.*),ou=Drones,dc=unimatrix-one,dc=org"
by dn="cn=root,dc=unimatrix-one,dc=org" write
by dn="cn=borgd,dc=unimatrix-one,dc=org" write
by dn.regex="uid=$1,ou=Drones,dc=unimatrix-one,dc=org" write
by * read
Regards,
Kostko.
On Friday 09 of April 2004 15:16, Pierangelo Masarati wrote:
> depending on the version of the code you're running, this can either be
> wrong
> or right. In 2.1, this should be almost fine; in 2.2 it's definitely
> wrong, because
> the default for DN match in <who> clauses has moved from "regex" to
> "exact", and your third <who> clause doesn't do what you expect. This is
> very well documented in the slapd.access(5) man page that accompanies the
> code in each version (I wrote it myself, so I know it quite well) and it is
> a clear demonstration
> that default should never be trusted (I think they'll be removed at some
> point).
> It has also been mentioned many times on the mailing lists because it is
> a common
> source of errors.
--
Kostko <kostko@jweb-network.net>
JWeb-Network