
Re: Problems with ACL's



> Hi all,
> I need your help.
> I have problems creating ACLs.
>
> All users should read the attributes cn, sn, mail and telephoneNumber.
> All other attributes should be readable by all users except the special user
> "cn=public,ou=users,ou=services,ou=xyz,o=abc,c=de". This user should only
> read the attributes cn, sn, mail, telephoneNumber.
> Is this possible?
>
> My slapd.conf <snippet>:
> access to attr=userPassword
>         by dn="cn=Manager,ou=xyz,o=abc,c=de" write
>         by self write
>         by anonymous auth
>         by * none
>
> access to attr=cn,sn,mail,telephoneNumber
>         by * read
>
> access to *
>         by self read
>         by dn="cn=public,ou=users,ou=services,ou=xyz,o=abc,c=de" none
>         by users read

Try something like

# everybody auth access; self also write (but not read) access
access to attrs=userPassword
        by self =xw
        by * =x

# need objectClass search access to search with "(objectClass=*)"
access to attrs=objectClass
        by dn.exact="cn=public,ou=users,ou=services,ou=xyz,o=abc,c=de" =s
        by users read

# need read access to "entry" and to attrs
access to attrs=entry,cn,sn,mail,telephoneNumber
        by users read

# access to everything else allowed only to other users
access to *
        by dn.exact="cn=public,ou=users,ou=services,ou=xyz,o=abc,c=de" none
        by users read

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it


    SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497
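
Added example, not part of the original post and not OpenLDAP code: a simplified Python model of slapd's first-match ACL evaluation, applied to the rule set from the question and the one from the reply. The `ALICE` DN is constructed; DN and attribute matching is plain string equality, and the disclose privilege and control keywords (`break`, `continue`) are left out.

```python
# Simplified model of slapd ACL evaluation: the first matching "access to"
# directive wins, then the first matching "by" clause inside it wins.
PUBLIC = "cn=public,ou=users,ou=services,ou=xyz,o=abc,c=de"
ALICE = "cn=alice,ou=users,ou=services,ou=xyz,o=abc,c=de"  # constructed sample DN
ORDER = "xcsrw"  # auth < compare < search < read < write
LEVEL = {"none": 0, "auth": 1, "compare": 2, "search": 3, "read": 4, "write": 5}

REPLY_ACL = [  # rules from the reply; None stands for "access to *"
    ({"userPassword"}, [("self", "=xw"), ("*", "=x")]),
    ({"objectClass"}, [(PUBLIC, "=s"), ("users", "read")]),
    ({"entry", "cn", "sn", "mail", "telephoneNumber"}, [("users", "read")]),
    (None, [(PUBLIC, "none"), ("users", "read")]),
]
ORIGINAL_ACL = [  # rules from the question
    ({"userPassword"}, [("cn=Manager,ou=xyz,o=abc,c=de", "write"),
                        ("self", "write"), ("anonymous", "auth"), ("*", "none")]),
    ({"cn", "sn", "mail", "telephoneNumber"}, [("*", "read")]),
    (None, [("self", "read"), (PUBLIC, "none"), ("users", "read")]),
]

def privs(spec):
    """'=xw' grants exactly x and w; a level name grants it plus all lower ones."""
    return set(spec[1:]) if spec.startswith("=") else set(ORDER[:LEVEL[spec]])

def who_matches(who, requester, target):
    """requester is a bound DN, or None for an anonymous connection."""
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "users":
        return requester is not None
    if who == "self":
        return requester is not None and requester == target
    return requester == who  # dn.exact

def granted(acl, requester, target, attr):
    """Privileges the requester holds on one attribute of the target entry."""
    for attrs, clauses in acl:
        if attrs is None or attr in attrs:
            for who, spec in clauses:
                if who_matches(who, requester, target):
                    return privs(spec)
            return set()  # implicit trailing "by * none"
    return set()  # implicit trailing "access to * by * none"

if __name__ == "__main__":
    for name, acl in (("original", ORIGINAL_ACL), ("reply", REPLY_ACL)):
        for attr in ("entry", "objectClass", "mail", "description"):
            print(name, attr, sorted(granted(acl, PUBLIC, ALICE, attr)))
```

In this model the original rules leave the public user with no privileges on `entry` and `objectClass` of other entries, which is the gap the reply's second and third directives close.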