access control
Hi, list
I'm using openldap 2.3.21 on rhel3.
For authorization I use several fields:
userPassword
sambaLMPassword
sambaNTPassword
sshPublicKey
I want to limit access to these fields.
anonymous auth, self write, none for others for password fields.
anonymous read access to sshPublicKey.
write access to inetOrgPerson attributes for special group.
anonymous read for any other fields.
Problem is -- access to sshPublicKey for anonymous does not work.
My slapd.conf has:
# access to auth fields.
access to
    dn.regex="^(.+)o=oil([^,]+)$"
    attrs=userPassword,sambaLMPassword,sambaNTPassword
    by anonymous auth
    by self write
    by * none
# access to ssh public key
access to
    dn.regex="^(.+)o=oil([^,]+)$"
    attrs=sshPublicKey
    by self write
    by * read
# access to information fields
access to
    dn.regex="^(.+)o=oil([^,]+)$"
    attrs=@inetOrgPerson,cn
    by self write
    by group/groupOfUniqueNames/uniqueMember.expand="cn=Users Editors,ou=groups,o=oil$2" write
    by users read
# default access
access to * by * read
What's wrong?
WBR
--
Dmitriy Kirhlarov
OILspace, 26 Leninskaya sloboda, bld. 2, 2nd floor, 115280 Moscow, Russia
P:+7 495 105 7247 ext.203 F:+7 495 105 7246 E:DmitriyKirhlarov@oilspace.com
OILspace - The resource enriched - www.oilspace.com
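
Added example, not part of the original message and not OpenLDAP code: a small Python model of slapd's first-match ACL evaluation applied to the four rules posted above, for checking which attributes an anonymous client can read and which it cannot. Assumptions: DNs are already normalized, group membership is reduced to a boolean, the @inetOrgPerson expansion is a partial hand-written subset, and the entry DN is a constructed sample.

```python
import re

# Partial, hand-written subset of what @inetOrgPerson expands to (assumption).
INETORGPERSON = {"uid", "mail", "sn", "givenname", "telephonenumber"}
DN_RE = re.compile(r"^(.+)o=oil([^,]+)$")

# (DN pattern or None for "*", attribute set or None for all, ordered by-clauses)
RULES = [
    (DN_RE, {"userpassword", "sambalmpassword", "sambantpassword"},
     [("anonymous", "auth"), ("self", "write"), ("*", "none")]),
    (DN_RE, {"sshpublickey"}, [("self", "write"), ("*", "read")]),
    (DN_RE, INETORGPERSON | {"cn"},
     [("self", "write"), ("group", "write"), ("users", "read")]),
    (None, None, [("*", "read")]),
]

def who_matches(who, bound_dn, entry_dn, in_group):
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if who == "users":
        return bound_dn is not None
    if who == "self":
        return bound_dn is not None and bound_dn == entry_dn
    if who == "group":
        return in_group  # hypothetical flag standing in for the group lookup
    return False

def access(entry_dn, attr, bound_dn=None, in_group=False):
    """Return (rule number, level) under first-match evaluation."""
    for i, (dn_re, attrs, by) in enumerate(RULES, 1):
        if dn_re is not None and not dn_re.match(entry_dn):
            continue
        if attrs is not None and attr.lower() not in attrs:
            continue
        # The first matching "access to" clause wins; later rules are not consulted.
        for who, level in by:
            if who_matches(who, bound_dn, entry_dn, in_group):
                return i, level
        return i, "none"  # implicit trailing "by * none"
    return 0, "none"

if __name__ == "__main__":
    dn = "uid=dk,ou=people,o=oilspace"  # constructed sample entry
    for a in ("userPassword", "sshPublicKey", "uid", "cn", "uidNumber"):
        print(a, access(dn, a))  # anonymous client
```

In this model an anonymous client gets read on sshPublicKey, but the attributes covered by the third rule (uid and cn among them) fall through to the implicit "by * none" because that rule has no clause matching anonymous.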