Re: phpldapadmin Config
On Tue, 2004-07-13 at 14:33, Quanah Gibson-Mount wrote:
> --On Tuesday, July 13, 2004 1:41 PM -0400 Josiah Ritchie
> <jritchie@bible.edu> wrote:
>
> > Tried those searches above and they didn't work so I went with
> > commenting out the ACLs and adding in "access to * by * write" and
> > things started working as expected.
> >
> > Now I need to rewrite my ACLs I guess. Here's what I have:
> > access to dn.base="" by * read
> > access to dn.base="cn=Subschema" by * read
> > access to *
> > by self write
> > by users read
> > by anonymous auth
> > access to dn=".*,dc=cougarnet,dc=bible,dc=edu" attr="userPassword"
> > by dn="cn=Manager,ou=people,dc=cougarnet,dc=bible,dc=edu" write
> > by dn="cn=samba,ou=People,dc=cougarnet,dc=bible,dc=edu" write
> > by self write
> > by * auth
> >
> > Looks to me like "access to * by anonymous auth" and "access to dn="..."
> > attr="userPassword by * auth" should allow this, but obviously I'm
> > wrong.
> >
> > Thanks for helping me out with this. It's good to know that we now know
> > what the problem is and seems like it should be easy to fix with a bit
> > more knowledge on my part. Appreciate it.
> >
> > Does dn.base="" equate to dn=".*,dc=cougarnet,dc=bible,dc=edu"?
>
> ACLs always stop at the first applicable stop, unless the ACL has a break
> statement.
>
> So your "access to *" ACL is where everything will stop, nothing past that
> will be read.
>
> If you add:
>
> by * break
>
> to it, you should start getting different results.
>
> You may wish to read:
>
> <http://www.stanford.edu/services/directory/openldap/configuration/slapd-acl.html>
Thank you again for your help. I printed off the link you sent and am
confident that your suggestion will get things working as desired. Thank
you for your help.
JSR/
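For reference, an added example (not from the thread) of the same ACL set reordered so the userPassword rule is reachable: because slapd applies the first "access to" clause that matches the entry and attribute, the specific rule has to precede the "access to *" catch-all, which otherwise swallows every request. The DNs are the ones in the thread; the dn.regex / attrs spellings assume a slapd release that accepts the newer style keywords.

```conf
# slapd.conf ACLs, reordered (example added here, not from the original mail).
# slapd evaluates "access to" clauses top to bottom and uses the first one
# whose target (entry + attribute) matches, so specific rules go first.
access to dn.base=""              by * read
access to dn.base="cn=Subschema"  by * read

# Specific rule first: who may touch userPassword under the base suffix.
# "auth" lets a bind compare the password without letting anyone read it.
access to dn.regex=".*,dc=cougarnet,dc=bible,dc=edu" attrs=userPassword
        by dn.exact="cn=Manager,ou=people,dc=cougarnet,dc=bible,dc=edu" write
        by dn.exact="cn=samba,ou=People,dc=cougarnet,dc=bible,dc=edu"   write
        by self write
        by * auth

# Catch-all last. Placed above the userPassword rule, this clause would match
# first and the password rule would never be consulted (the thread's problem).
access to *
        by self write
        by users read
        by anonymous auth
```

Keeping the original order and adding "by * break" to the catch-all, as suggested in the thread, is the other way to let evaluation fall through to later clauses.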