
Re: ACL Problem, Insufficient access (50)



On Thu, 2005-12-22 at 16:19 +0200, Amir Saad wrote:
> I use OpenLDAP 2.3.11, Heimdal Kerberos, Fedora 4

...

> Here are my ACL files: (manager is my rootdn)
> *************************************************************************************************************************
> access to dn.regex="uid=(.*),ou=People,dc=test,dc=domain,dc=mydomain,dc=org" attrs=userPassword
>     by dn="cn=Manager,dc=test,dc=domain,dc=mydomain,dc=org" write
>     by self write
>     by * auth
> access to dn.regex="uid=(.*),ou=People,dc=test,dc=domain,dc=mydomain,dc=org"
>     by * read
> access to dn.regex="uid=(.*),ou=People,dc=test,dc=domain,dc=mydomain,dc=org"
>     by self write
>     by * read
> *************************************************************************************************************************

I don't know if that's part of the problem, but in your ACLs you're
building up most, if not all, the common errors that are widely
illustrated in slapd.access(5) and in the FAQ.  Did you read (and
understand) any of those docs before implementing your own ACLs?  I note
the OpenLDAP Project routinely gets complaints about the lack of
documentation; when documentation is available, it appears that people
don't really bother reading (and understanding) it, so what really
pays back for the effort of writing and keeping it updated?

p.




Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------
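
Added example, not part of the original message and not OpenLDAP code: slapd.access(5) documents that slapd applies the first `access to` directive whose target matches and stops there, and this simplified Python model runs the three quoted directives in file order to show which one decides a request. The `uid=alice` entry and the `mail` attribute used with it are constructed sample values, and `evaluate`, `allowed` and `unreachable` are hypothetical helpers covering only the clause types that appear in the post.

```python
import re

# Constructed model of the three directives quoted in the post, in file order.
# Simplified: only dn.regex targets, attrs lists, and by self / dn= / * clauses.
BASE = "ou=People,dc=test,dc=domain,dc=mydomain,dc=org"
MANAGER = "cn=Manager,dc=test,dc=domain,dc=mydomain,dc=org"
ACL = [  # (target regex, attrs or None for "all attributes", [(who, level)])
    (f"uid=(.*),{BASE}", ["userPassword"],
     [(f"dn={MANAGER}", "write"), ("self", "write"), ("*", "auth")]),
    (f"uid=(.*),{BASE}", None, [("*", "read")]),
    (f"uid=(.*),{BASE}", None, [("self", "write"), ("*", "read")]),
]
LEVELS = ["none", "auth", "compare", "search", "read", "write"]  # ascending


def evaluate(requester, target, attr):
    """Return (directive number, level) using first-match-wins evaluation."""
    for num, (dn_regex, attrs, by) in enumerate(ACL, start=1):
        if not re.search(dn_regex, target, re.IGNORECASE):
            continue  # <what> does not cover this entry
        if attrs is not None and attr.lower() not in [a.lower() for a in attrs]:
            continue  # <what> does not cover this attribute
        for who, level in by:
            if (who == "*"
                    or (who == "self" and requester.lower() == target.lower())
                    or who.lower() == f"dn={requester}".lower()):
                return num, level
        return num, "none"  # implicit trailing "by * none" in every directive
    return None, "none"  # implicit final "access to * by * none"


def allowed(requester, target, attr, wanted):
    """True if the granted level is at least the wanted level."""
    _, level = evaluate(requester, target, attr)
    return LEVELS.index(level) >= LEVELS.index(wanted)


def unreachable():
    """Numbers of directives fully covered by an earlier directive's <what>."""
    dead = []
    for j, (rx_j, attrs_j, _) in enumerate(ACL):
        for rx_i, attrs_i, _ in ACL[:j]:
            covers = attrs_i is None or (
                attrs_j is not None and set(attrs_j) <= set(attrs_i))
            if rx_i == rx_j and covers:
                dead.append(j + 1)
                break
    return dead
```

In this model a self write to `mail` is decided by directive 2 (`by * read`), and directive 3, the only one granting `by self write` on ordinary attributes, is never consulted.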