Access list - limiting access to attribute



I need to limit access to mail-related attributes of my users' tree.
I created the following acl entries:

access to dn="ou=(groups|users|services),dc=one,dc=two,dc=com$$"
  attrs=mail
  by dn="cn=admin,dc=two,dc=com$$" write
  by self write
  by dn.base="uid=mailBrowser,ou=system,dc=one,dc=two,dc=com" read
  by dn.base="uid=usersBrowser,ou=system,dc=one,dc=two,dc=com" read

access to dn="ou=(groups|users|services),dc=one,dc=two,dc=com$$"
  by dn="cn=admin,dc=two,dc=com$$" write
  by dn.base="uid=usersBrowser,ou=system,dc=one,dc=two,dc=com" read
  by self read

But I still cannot make user "mailBrowser" browse the attribute "mail". It cannot access it unless it is given the same privileges as user "usersBrowser" has. But it can see all other attributes then.

What am I doing wrong?

Thank you.

lukas

--
Lukas Kubin

phone: +420596398275
email: kubin@opf.slu.cz

Information centre
The School of Business Administration in Karvina
Silesian University in Opava
Czech Republic
http://www.opf.slu.cz
