Access control entries problem
Hi everyone,
I am trying to set up some access rules for some OpenLDAP servers, but I am
experiencing some difficulties with Access Control Entries.
I want to allow anonymous access to a specific branch of my LDAP tree
(autofs mount points):
ou=mount,o=organization,dc=domain,dc=com
This rule works perfectly if I comment out all the other rules, but when at
least one of them is commented out, it isn't working anymore.
Do you have any idea?
Thanks.
See above my LDAP access rules:
# Default access rule
defaultaccess search

# Access to passwords
access to attrs=userPassword
    by dn="cn=replication,ou=role,dc=domain,dc=com" write
    by dn="cn=system,ou=role,dc=domain,dc=com" read
    by dn="cn=ftp-client,ou=role,dc=domain,dc=com" read
    by self write
    by * auth

# FTP access
access to dn.subtree="ou=ftp,o=organization,dc=domain,dc=com"
    by dn="cn=replication,ou=role,dc=domain,dc=com" write
    by dn="cn=ftp-manager,ou=role,dc=domain,dc=com" read
    by dn="cn=ftp-client,ou=role,dc=domain,dc=com" read

# AutoFS access
access to dn.subtree="ou=mount,o=organization,dc=domain,dc=com"
    by dn="cn=replication,ou=role,dc=domain,dc=com" write
    by anonymous read

# Global accesses
access to *
    by dn="cn=replication,ou=role,dc=domain,dc=com" write
    by dn="cn=system,ou=role,dc=domain,dc=com" read
    by dn="cn=extranet,ou=role,dc=domain,dc=com" read

# Access to the base (prevent SASL problems)
access to dn.base=""
    by * read
--
Vincent Batoufflet
Buf Compagnie
3 rue Roquepine 75008 Paris, FRANCE
tel +33 1 42 68 18 28 - fax +33 1 42 68 18 29