
Re: phpldapadmin and openldap



--On Thursday, June 09, 2011 5:45 PM -0500 Juan Diego Calle <juandiego.calle@soportelibre.com> wrote:


I added this to the slapd.conf, but it didn't work.


access to *
        by self write
        by users read
        by anonymous read
        by * none

access to dn="ou=People,dc=iess,dc=gob,dc=ec" attrs=children,entry
        by group/groupOfNames/member="cn=MiniAdmins,ou=Group,dc=iess,dc=gob,dc=ec" write

Please read the slapd.access(5) man page very carefully. ACLs are processed in the order that they match.

access to * by <...>

matches everything.  Therefore the second ACL will never be processed.

You may want to make it something like

access to dn="ou=People,dc=iess,dc=gob,dc=ec" attrs=children,entry
        by group/groupOfNames/member="cn=MiniAdmins,ou=Group,dc=iess,dc=gob,dc=ec" write
        by * break

access to *
       by self write
       by users read
       by anonymous read
       by * none

--Quanah


--

Quanah Gibson-Mount
Sr. Member of Technical Staff
Zimbra, Inc
A Division of VMware, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
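
A small lint for the ordering problem discussed in this thread, added here as an example; it is not part of the original message or of OpenLDAP. It flags `access to` rules that come after a catch-all `access to *` rule with no `break` control, using the two rule orders from the thread as input. `parse_acls` and `shadowed_acls` are hypothetical helper names, and only a literal `*` target is treated as matching everything.

```python
import re
# Rule orders from the thread, embedded as sample input. Helper names are hypothetical.
ORIGINAL = """\
access to *
        by self write
        by users read
        by anonymous read
        by * none
access to dn="ou=People,dc=iess,dc=gob,dc=ec" attrs=children,entry
        by group/groupOfNames/member="cn=MiniAdmins,ou=Group,dc=iess,dc=gob,dc=ec" write
"""
SUGGESTED = """\
access to dn="ou=People,dc=iess,dc=gob,dc=ec" attrs=children,entry
        by group/groupOfNames/member="cn=MiniAdmins,ou=Group,dc=iess,dc=gob,dc=ec" write
        by * break
access to *
        by self write
        by users read
        by anonymous read
        by * none
"""

def parse_acls(conf_text):
    """Return [(what, [by-clauses])]; indented lines continue the previous directive."""
    joined = re.sub(r"\n[ \t]+", " ", conf_text)
    acls = []
    for line in joined.splitlines():
        m = re.match(r"access\s+to\s+(.*?)\s+by\s+(.*)$", line.strip())
        if m:
            acls.append((m.group(1), re.split(r"\s+by\s+", m.group(2).strip())))
    return acls

def shadowed_acls(acls):
    """Return [(index, blocking_index)] for rules that can never be reached."""
    shadowed, blocker = [], None
    for i, (what, clauses) in enumerate(acls):
        if blocker is not None:
            shadowed.append((i, blocker))
        # 'to *' matches every entry; without a 'break' clause evaluation stops here
        # (each rule also ends with an implicit 'by * none stop').
        elif what == "*" and not any(c.split()[-1] == "break" for c in clauses):
            blocker = i
    return shadowed

for name, conf in (("original", ORIGINAL), ("suggested", SUGGESTED)):
    print(name, shadowed_acls(parse_acls(conf)))
```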