
Re: adding access control for replication user



On Sun, 18 Apr 2004, Pierangelo Masarati wrote:

> > Thanks that does make things work, I did in fact have something similar
> > except it was more like ...
> >
> > access to attrs=userPassword
> > by dn="<your replicator's DN>" write
> > by self write
> > by * auth
>
> Likely you added a last directive of the form
> access to *
>         by dn.exact="<your replicator's DN>" write
>
> This by default implies that anonymous users can't read "*".
>
> If your intention is that everything that's not explicitly
> protected by ACLs must be readable by all including anonymous,
> then add a last directive of the form
>
> access to *
>         by dn.exact="<your replicator's DN>" write
>         by * read
>
Rats, when I run ldapsearch -x it still will not work.

Here is my acl
<snip>
access to dn="" by * read
access to *
       by self write
       by users read
       by anonymous auth
       by dn.exact="UID=REPLICATOR,OU=ADMINS,O=HOMETOWN" write
       by * read
</snip>
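
A simplified model of how slapd selects a `by` clause within the `access to *` directive above (clauses are tried in order and the first match decides), as an added example that is not part of the original message and not OpenLDAP's own code. The `REORDERED` list and the sample entry DN are constructed for illustration, and DN matching is reduced to case-folding.

```python
# Simplified model (added example) of slapd's <who> clause selection inside
# one "access to" directive: clauses are tried in order, first match wins.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

REPLICATOR = "UID=REPLICATOR,OU=ADMINS,O=HOMETOWN"
ENTRY = "uid=jdoe,ou=people,o=hometown"  # constructed sample entry DN

def norm(dn):
    # Assumption: case-folding stands in for real DN normalization.
    return dn.lower() if dn else None

def who_matches(who, bind_dn, target_dn):
    """bind_dn is None for an anonymous bind (ldapsearch -x without -D)."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who == "self":
        return bind_dn is not None and bind_dn == target_dn
    if who.startswith("dn.exact="):
        return bind_dn == norm(who[len("dn.exact="):].strip('"'))
    raise ValueError("unsupported <who> term: " + who)

def granted(clauses, bind_dn, target_dn=ENTRY):
    """Level granted by the first matching clause of one directive."""
    bind_dn, target_dn = norm(bind_dn), norm(target_dn)
    for who, level in clauses:
        if who_matches(who, bind_dn, target_dn):
            return level
    return "none"  # implicit trailing "by * none"

def allows(clauses, bind_dn, wanted, target_dn=ENTRY):
    return LEVELS.index(granted(clauses, bind_dn, target_dn)) >= LEVELS.index(wanted)

# The "access to *" directive as posted above.
POSTED = [("self", "write"), ("users", "read"), ("anonymous", "auth"),
          ('dn.exact="%s"' % REPLICATOR, "write"), ("*", "read")]
# Constructed reordering: most specific clause first, catch-all last.
REORDERED = [('dn.exact="%s"' % REPLICATOR, "write"), ("self", "write"),
             ("*", "read")]

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("reordered", REORDERED)):
        print(name, "anonymous:", granted(acl, None),
              "replicator:", granted(acl, REPLICATOR))
```

In this model the posted ordering grants an anonymous bind `auth` and the replicator `read`, because `by anonymous auth` and `by users read` match before the later clauses are reached.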