
Re: Trying to limit access to an attribute



First off, I'm not sure if you're expecting to hit a matchingRule. Aren't you looking for a value (i.e. "val.regex" instead)? Maybe try that first.

It seems like lots of people get the ordering wrong; you could try posting your whole list of ACLs here and see if anybody reads it right. But it's more enlightening to post that along with "slapd -d acl" output of an access gone "wrong" versus your expectations. slapd -d acl is quite useful, you might be able to figure it out yourself based off its output.
Of course, there's always the slapacl program too.


Examples can be found in the tests/ directory of the source tarball.

On Wed, 11 Oct 2006, Andres Tarallo wrote:

I'm setting up an OpenLDAP server for a small company. For historical reasons each
user in this company has two email addresses, user@domain and user@olddomain.

Both addresses are used for sending and receiving email. However, we want to make
sure that only the user@domain ones are shown in the address book of
SquirrelMail. So I thought of an ACL like this:

access to attrs=mail matchingRule.regex="\@domain"
     by peername "ip.of.web.mail" none
     by * read

But this seems to have no effect. I need some examples or tips for debugging
this problem. Thanks

Andres
--
A/P Andres Tarallo
Universidad ORT Uruguay
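
The val.regex form and the slapacl / "slapd -d acl" checks mentioned in the reply, written out as an added example that is not part of the original thread. It follows the stated goal (the webmail host should see only the user@domain values); the IP addresses, the .example domain, the entry DN and the config path are placeholders.

```conf
# slapd.conf fragment (constructed example; all names and addresses are placeholders)

# As posted in the question (reported to have no effect):
#   access to attrs=mail matchingRule.regex="\@domain"
#        by peername "ip.of.web.mail" none
#        by * read

# Value-based form using val.regex, as the reply suggests.
# Only mail values ending in @olddomain.example are covered by this rule;
# other mail values fall through to the rules that come after it.
# [.] is used instead of \. to avoid backslash quoting in slapd.conf.
access to attrs=mail val.regex="@olddomain[.]example$"
    by peername.ip=192.0.2.10 none
    by * read

# The site's broader rules (for example the ones covering all of "mail"
# or "*") go AFTER the value rule: slapd applies the first "access to"
# clause that matches, so a broader clause placed earlier wins.

# Offline check with slapacl, once as the webmail host and once as any
# other client. Expected: read on the old-domain value denied for the
# first peer and allowed for the second.
#   slapacl -f /etc/openldap/slapd.conf \
#       -o peername=IP=192.0.2.10:0 \
#       -b "uid=jdoe,ou=People,dc=example,dc=com" \
#       "mail/read:jdoe@olddomain.example"
#   slapacl -f /etc/openldap/slapd.conf \
#       -o peername=IP=198.51.100.7:0 \
#       -b "uid=jdoe,ou=People,dc=example,dc=com" \
#       "mail/read:jdoe@olddomain.example"
#
# For a live request, start slapd with "-d acl" and compare the logged
# decision for each mail value with what you expected.
```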