[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL the 3rd try...



> tir, 29.06.2004 kl. 17.13 skrev Pierangelo Masarati:
> [...]
>
>
>> More sane ACLs would look like:
>>
>> ## let users read userPassword in order to Auth
>> access to dn.subtree="ou=produktion,o=adressbuch,dc=abmas,dc=biz"
>>         attr=userPassword
>>     by self =xw
>>     by anonymous auth
>
> ... by * none

implicit;

>
>> ## Allow Manager to write everything under production.
>> ## Allow self to write
>> ## rest read access
>> access to dn.subtree="ou=produktion,o=adressbuch,dc=abmas,dc=biz"
>>     by self write
>>     by * read
>
> I've found (recent OL versions) that I have to give write permission to
> the root dn as well as the subtree (a separate ACL) to be able to write.

implicit.

If not, it's a bug.  Please provide evidence against latest,
possibly by the ITS.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497