[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL questions

To: openldap-software@OpenLDAP.org
Subject: Re: ACL questions
From: MT <mlist@cmcflex.com>
Date: Tue, 11 Jul 2006 08:43:26 -0600
In-reply-to: <7.0.1.0.0.20060711102122.03aedcd8@OpenLDAP.org>
References: <0D8E99AE-F55E-410E-B3BD-80BA14621A44@cmcflex.com> <7.0.1.0.0.20060711102122.03aedcd8@OpenLDAP.org>

Okay, some how I kind of got it to work.  Here's my ACL's in order:

access to dn.children="dc=cmcflex,dc=com"
	by users write
	by * auth

access to attrs="telephoneNumber","homePhone","homePostalAddress","userPassword" by users write by * auth

access to *
	by anonymous read

Now user mtice[@]cmcflex.com can add an entry. However, now anonymous can't view "basic" (not userPassword, telephoneNumber,etc).

So, with increased logging turned on I get:
=>acl_mask: to all values by "", (=n)
<=check a_dn_pat: users
<=check a_dn_pat: *
<=acl_mask: [2] applying auth(=x) (stop)
<=acl_mask: [2] mask: auth(=x)
=>access_allowed: search access denied by auth(=x)

Follow-Ups:
- Re: ACL questions
  - From: Buchan Milne <bgmilne@staff.telkomsa.net>

References:
- ACL questions
  - From: MT <mlist@cmcflex.com>
- Re: ACL questions
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: ACL questions
Next by Date: Re: openLDAP BDB back-end trouble
Index(es):
- Chronological
- Thread