Re: Problems with ACL's
> Hi all,
> I need your help.
> I have problems creating ACLs.
>
> All users should be able to read the attributes cn, sn, mail and telephoneNumber.
> All other attributes should be readable by all users except the special user
> "cn=public,ou=users,ou=services,ou=xyz,o=abc,c=de". This user should only
> read the attributes cn, sn, mail, telephoneNumber.
> Is this possible?
>
> My slapd.conf <snippet>:
> access to attr=userPassword
>     by dn="cn=Manager,ou=xyz,o=abc,c=de" write
>     by self write
>     by anonymous auth
>     by * none
>
> access to attr=cn,sn,mail,telephoneNumber
>     by * read
>
> access to *
>     by self read
>     by dn="cn=public,ou=users,ou=services,ou=xyz,o=abc,c=de" none
>     by users read
Try something like
# everybody auth access; self also write (but not read) access
access to attrs=userPassword
    by self =xw
    by * =x

# need objectClass search access to search with "(objectClass=*)"
access to attrs=objectClass
    by dn.exact="cn=public,ou=users,ou=services,ou=xyz,o=abc,c=de" =s
    by users read

# need read access to "entry" and to attrs
access to attrs=entry,cn,sn,mail,telephoneNumber
    by users read

# access to everything else allowed only to other users
access to *
    by dn.exact="cn=public,ou=users,ou=services,ou=xyz,o=abc,c=de" none
    by users read
p.
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
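
Added example (not part of the original message, and not OpenLDAP code): a simplified Python model of slapd's first-match ACL evaluation, applied to both rule sets above, to show why the "public" user needs search access to objectClass and read access to the "entry" pseudo-attribute before any attribute comes back from a search. The names LEVEL, who_matches, privileges and returned are hypothetical; the model assumes exact DN comparison and the default "stop" control, and ignores disclose access, DN normalization and regex/scope styles.

```python
# Simplified model of slapd first-match ACL evaluation (added example, not slapd code).
PUBLIC = "cn=public,ou=users,ou=services,ou=xyz,o=abc,c=de"
MANAGER = "cn=Manager,ou=xyz,o=abc,c=de"
LEVEL = {"none": "", "auth": "x", "search": "scx", "read": "rscx", "write": "wrscx"}

# Each rule: (attribute set, or None for "*", [(who, access), ...])
ORIGINAL = [
    ({"userPassword"}, [(MANAGER, "write"), ("self", "write"),
                        ("anonymous", "auth"), ("*", "none")]),
    ({"cn", "sn", "mail", "telephoneNumber"}, [("*", "read")]),
    (None, [("self", "read"), (PUBLIC, "none"), ("users", "read")]),
]
SUGGESTED = [
    ({"userPassword"}, [("self", "=xw"), ("*", "=x")]),
    ({"objectClass"}, [(PUBLIC, "=s"), ("users", "read")]),
    ({"entry", "cn", "sn", "mail", "telephoneNumber"}, [("users", "read")]),
    (None, [(PUBLIC, "none"), ("users", "read")]),
]

def who_matches(who, bound, target):
    if who == "*":
        return True
    if who == "anonymous":
        return bound is None
    if who == "users":
        return bound is not None
    if who == "self":
        return bound is not None and bound == target
    return bound == who  # exact DN match (real slapd normalizes DNs first)

def privileges(rules, attr, bound, target):
    for attrs, clauses in rules:
        if attrs is None or attr in attrs:           # first matching <what> wins
            for who, access in clauses:
                if who_matches(who, bound, target):  # first matching <who> wins
                    return access[1:] if access.startswith("=") else LEVEL[access]
            return ""                                # implicit trailing "by * none"
    return ""

def returned(rules, attr, bound, target):
    """Would a search with filter (objectClass=*) return attr of target?"""
    return ("s" in privileges(rules, "objectClass", bound, target)
            and "r" in privileges(rules, "entry", bound, target)
            and "r" in privileges(rules, attr, bound, target))
```

In this model, returned(ORIGINAL, "cn", PUBLIC, <some other entry>) is False even though cn is "by * read", because objectClass and entry fall through to the final "access to *" rule, where the public user gets none.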