[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL questions

To: openldap-software@OpenLDAP.org
Subject: Re: ACL questions
From: MT <mlist@cmcflex.com>
Date: Tue, 11 Jul 2006 12:08:31 -0600
In-reply-to: <200607111845.11872.bgmilne@staff.telkomsa.net>
References: <0D8E99AE-F55E-410E-B3BD-80BA14621A44@cmcflex.com> <7.0.1.0.0.20060711102122.03aedcd8@OpenLDAP.org> <31DF897F-AEBB-4452-98BB-96F8914049E4@cmcflex.com> <200607111845.11872.bgmilne@staff.telkomsa.net>

Thanks Buchan,

The above ACL seems a bit weird ... you probably want this 2nd-last.

it's weird probably because I have really know clue as to what I'm doing. I just removed it.


Move these attributes into their own ACL, so that you instead have:

access to
	attrs=userPassword
	by self write
 	by * auth

access to
	attrs=telephoneNumber,homePhone,homePostalAddress
 	by users write
 	by * read

access to *
        by anonymous read

Finally, you may also consider using a group for the write ACLs, so that simply setting a password for a user doesn't compromise your ACLs.

Sorry, I'm not clear on what you mean about using a group. If you have time could you elaborate?

Well now it seems to be working okay. Users with passwords can view the "advanced" fields and can also add/delete entries. Anonymous users can view "basic" info. I did edit one thing though. I changed:

access to *
  by anonymous read

to:

access to *
 by users write
 by anonymous read

because authenticated users couldn't view anything without it. Was that incorrect?

Regards,
Buchan


--
Buchan Milne
ISP Systems Specialist
B.Eng,RHCE(803004789010797),LPIC-2(LPI000074592)

References:
- ACL questions
  - From: MT <mlist@cmcflex.com>
- Re: ACL questions
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
- Re: ACL questions
  - From: MT <mlist@cmcflex.com>
- Re: ACL questions
  - From: Buchan Milne <bgmilne@staff.telkomsa.net>

Prev by Date: Re: Is it possible to map/rewrite per target when using slapd-meta?
Next by Date: Re: openLDAP BDB back-end trouble
Index(es):
- Chronological
- Thread