[Date Prev][Date Next] [Chronological] [Thread] [Top]

AW: question regarding ACLs

To: <openldap-technical@openldap.org>
Subject: AW: question regarding ACLs
From: "Kick, Claus" <claus.kick@siemens.com>
Date: Tue, 7 Oct 2008 16:13:54 +0200
Content-class: urn:content-classes:message
In-reply-to: <87hc7p68sk.fsf@magenta.l4b.de>
References: <76B33C75B0B0EC46A3BD4E9D988703820221A477@ERLM863A.ww001.siemens.net> <87hc7p68sk.fsf@magenta.l4b.de>
Thread-index: AcknyJB+NQbvUfUNQmawzjZANeF0MQAveZeA
Thread-topic: question regarding ACLs

Hello,
 
>> Where am I making a mistake?

>access to dn.subtree=ou=removed_accounts,ou=people,o=suffix by none
>access to dn.one=ou=people,o=suffix by * write

Ok, that works like a charm! 
Follow-up question (this probably shows I don't know much about ACLs):

Why do I need to limit the scope via another ACL if I have one in place
which 
itself should already limit the scope of a search on a subtree?

Cheers,
Claus

Follow-Ups:
- Re: AW: question regarding ACLs
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

References:
- question regarding ACLs
  - From: "Kick, Claus" <claus.kick@siemens.com>
- Re: question regarding ACLs
  - From: "Dieter Kluenter" <dieter@dkluenter.de>

Prev by Date: RE: loglevel and logfile
Next by Date: LVM snapshot as a backup method
Index(es):
- Chronological
- Thread