[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL Question

To: openldap-software@openldap.org
Subject: ACL Question
From: Tim Gustafson <tjg@soe.ucsc.edu>
Date: Fri, 30 Jan 2009 16:42:37 -0800 (PST)

Hi,

I have the following in my slapd.conf:

access to dn.subtree="cn=log"
 by group/groupOfNames/Member="cn=ldap-admins,ou=Group,dc=soe,dc=ucsc,dc=edu" read

However, anyone (even unbound anonymous users) can access cn=log without any problems.  I don't want anyone but ldap-admins to be able to access this subtree.

I'm thinking that I must be missing something really simple here.  Am I doing something wrong?  Any help is greatly appreciated.

Tim Gustafson
BSOE Webmaster
UC Santa Cruz
tjg@soe.ucsc.edu
831-459-5354

Follow-Ups:
- Re: ACL Question
  - From: Quanah Gibson-Mount <quanah@zimbra.com>

Prev by Date: Re: delta-syncrepl missing changes
Next by Date: Re: slapd 2.4.13: ppolicy_use_lockout not working as expected
Index(es):
- Chronological
- Thread