[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
ACI's and 'by users read'
- To: openldap-software@OpenLDAP.org
- Subject: ACI's and 'by users read'
- From: Turbo Fredriksson <turbo@bayour.com>
- Date: Mon, 31 Jan 2005 13:29:16 +0100
- Organization: LDAP/Kerberos expert wannabe
- User-agent: Gnus/5.1006 (Gnus v5.10.6) Emacs/20.7 (gnu/linux)
I'm trying to move a 'by users read' to ACI, but I'm having little
luck...
Looking at the code (servers/slapd/acl.c), I see that '#users#' should
be possible, but isn't working for some reason (I can't read ANY of
these attributes other than as my self - turbo)...
----- s n i p -----
dn: c=SE
OpenLDAPaci: 0#entry#grant;r,s,c;objectClass,[entry]#public#
OpenLDAPaci: 1#entry#grant;r,s,c;useControls,useEzmlm,useBind9,useWebSrv,autoR
eload,allowServerChange,whoAreWe,language,hostMaster,ezmlmBinaryPath,krb5Real
mName,krb5AdminServer,krb5PrincipalName,krb5AdminKeytab,krb5AdminCommandPath,
controlBaseDn,ezmlmAdministrator,controlsAdministrator,useACI#users#
OpenLDAPaci: 2#entry#grant;w,r,s,c,x;[all]#access-id#uid=turbo,ou=People,o=Fre
driksson,c=SE
----- s n i p -----