
Access control entries problem



Hi everyone,

I try to setup some access rules for some openldap servers but I am experiencing some difficulties with Access Control Entries.

I want to allow anonymous access to a specific branch of my ldap tree (autofs mount points):

	ou=mount,o=organization,dc=domain,dc=com

This rule works perfectly if I comment all other rules, but when at least one of them is commented out, it isn't working anymore.

Do you have any idea?

Thanks.



See above my ldap access rules:
# Default access rule
defaultaccess   search

# Access to passwords
access to attrs=userPassword
        by dn="cn=replication,ou=role,dc=domain,dc=com" write
        by dn="cn=system,ou=role,dc=domain,dc=com" read
        by dn="cn=ftp-client,ou=role,dc=domain,dc=com" read
        by self write
        by * auth

# FTP access
access to dn.subtree="ou=ftp,o=organization,dc=domain,dc=com"
        by dn="cn=replication,ou=role,dc=domain,dc=com" write
        by dn="cn=ftp-manager,ou=role,dc=domain,dc=com" read
        by dn="cn=ftp-client,ou=role,dc=domain,dc=com" read

# AutoFS access
access to dn.subtree="ou=mount,o=organization,dc=domain,dc=com"
        by dn="cn=replication,ou=role,dc=domain,dc=com" write
        by anonymous read

# Global accesses
access to *
        by dn="cn=replication,ou=role,dc=domain,dc=com" write
        by dn="cn=system,ou=role,dc=domain,dc=com" read
        by dn="cn=extranet,ou=role,dc=domain,dc=com" read

# Access to the base (prevent SASL problems)
access to dn.base=""
        by * read

--
Vincent Batoufflet

Buf Compagnie
3 rue Roquepine 75008 Paris, FRANCE
tel +33 1 42 68 18 28 - fax +33 1 42 68 18 29
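Added example, not part of the post above: a small Python model of how slapd walks a slapd.conf ACL list, loaded with the clauses from this configuration. It shows the evaluation rule that usually explains "it only works when the other rules are gone": the first "access to" clause whose target matches decides, and a matched clause with no matching "by" line yields none. The model is a simplification (no regex or dn.children targets, no privilege ordering); the DN "cn=home,ou=mount,..." is a constructed test entry.

```python
# Added example (not from the original post): a small model of how slapd
# evaluates slapd.conf ACLs. The first "access to" clause whose target
# matches decides the outcome; within it, the first matching "by" clause
# grants its privilege, and if no "by" clause matches the result is "none".
# The clause list below mirrors the poster's configuration.
ROLE = "ou=role,dc=domain,dc=com"
REPL, SYSTEM, FTPCLI, FTPMGR, EXTRA = (
    f"cn={c},{ROLE}" for c in ("replication", "system", "ftp-client", "ftp-manager", "extranet"))
DEFAULT_ACCESS = "search"   # the "defaultaccess search" directive

def subtree(base_dn):       # dn.subtree="<base>": the base itself and everything below it
    return lambda dn, attr: dn == base_dn or dn.endswith("," + base_dn)

def attrs(name):            # attrs=<name>: one attribute, on any entry
    return lambda dn, attr: attr == name

def base(dn0):              # dn.base="<dn>": exactly that entry
    return lambda dn, attr: dn == dn0

ACLS = [
    (attrs("userPassword"), [(REPL, "write"), (SYSTEM, "read"), (FTPCLI, "read"), ("self", "write"), ("*", "auth")]),
    (subtree("ou=ftp,o=organization,dc=domain,dc=com"), [(REPL, "write"), (FTPMGR, "read"), (FTPCLI, "read")]),
    (subtree("ou=mount,o=organization,dc=domain,dc=com"), [(REPL, "write"), ("anonymous", "read")]),
    (lambda dn, attr: True, [(REPL, "write"), (SYSTEM, "read"), (EXTRA, "read")]),   # access to *
    (base(""), [("*", "read")]),
]

def evaluate(target_dn, attr, requester_dn, acls=ACLS):
    """Privilege the requester (empty string = anonymous bind) gets on one attribute of target_dn."""
    for matches, by_clauses in acls:
        if not matches(target_dn, attr):
            continue
        for who, priv in by_clauses:
            if (who == "*" or who == requester_dn
                    or (who == "anonymous" and requester_dn == "")
                    or (who == "self" and requester_dn == target_dn)):
                return priv
        return "none"       # clause matched but no "by" matched: implicit "by * none"
    return DEFAULT_ACCESS   # no clause matched at all

if __name__ == "__main__":
    mount = "cn=home,ou=mount,o=organization,dc=domain,dc=com"   # constructed test entry
    print(evaluate(mount, "cn", ""))                   # read: the AutoFS clause wins
    print(evaluate(mount, "userPassword", ""))         # auth: the attrs=userPassword clause comes first
    swapped = [ACLS[3], ACLS[2]]                       # "access to *" placed before the AutoFS clause
    print(evaluate(mount, "cn", "", swapped))          # none: the catch-all now shadows it
```

Moving a clause above or below the catch-all changes the answer, which is why the rules only seem to work in isolation; slapd ships `slapacl` to run the same kind of check against the real configuration.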