[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Subordinate ACL question

To: openldap-software@OpenLDAP.org
Subject: Re: Subordinate ACL question
From: Luke Howard <lukeh@padl.com>
Date: Wed, 10 Nov 2004 10:20:49 +1100
Organization: PADL Software Pty Ltd
References: <200411090936.iA99abHE054319@au.padl.com> <60915.131.175.154.56.1099996163.squirrel@131.175.154.56> <200411091043.iA9AhD1K057496@au.padl.com> <60969.131.175.154.56.1099998397.squirrel@131.175.154.56> <200411091131.iA9BVLqd059349@au.padl.com> <4190B2DD.5030904@symas.com> <200411091224.iA9COTKX063156@au.padl.com> <1BD3C53D9F76860A985F0A34@[10.0.0.1]>
Versions: dmail (bsd44) 2.6d/makemail 2.10

>> Actually, I wonder if I could get away with just putting
>> "by * break" at the end of each special-case rule, which
>> would fall through to the "access to *" at the end.
>
>That's actually what I've done... I have a 400+ long ACL file with lots of 
>by * break. :P

It seems that this addresses my main concern (repeating default subjects
just to give a specific subject additional access).

So know I have something like (again contrived):

access to attrs=favouriteDrink
	by group/group/member.exact="CN=Drinkers" write
	by * break

access to attrs=entry,@pilotPerson
	by group/group/member.exact="CN=Pilots" write
	by * break

access to *
	by group/group/member.exact="CN=Administrators" write
	by dn.exact="CN=Administrator" write
	by users read
	by anonymous sockurl=ldapi:// read
	by * auth

-- Luke

--

Follow-Ups:
- Re: Subordinate ACL question
  - From: "Pierangelo Masarati" <ando@sys-net.it>

References:
- Subordinate ACL question
  - From: Luke Howard <lukeh@padl.com>
- Re: Subordinate ACL question
  - From: "Pierangelo Masarati" <ando@sys-net.it>
- Re: Subordinate ACL question
  - From: Luke Howard <lukeh@padl.com>
- Re: Subordinate ACL question
  - From: "Pierangelo Masarati" <ando@sys-net.it>
- Re: Subordinate ACL question
  - From: Luke Howard <lukeh@padl.com>
- Re: Subordinate ACL question
  - From: Howard Chu <hyc@symas.com>
- Re: Subordinate ACL question
  - From: Luke Howard <lukeh@padl.com>
- Re: Subordinate ACL question
  - From: Quanah Gibson-Mount <quanah@stanford.edu>

Prev by Date: Re: replication problems
Next by Date: Re: OpenLDAP: ACL : urgent
Index(es):
- Chronological
- Thread