[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: access to ... by Administrator

To: openldap-technical@openldap.org
Subject: Re: access to ... by Administrator
From: Christian Manal <moenoel@informatik.uni-bremen.de>
Date: Fri, 23 Mar 2012 11:25:27 +0100
In-reply-to: <4F6C4618.6040008@gmail.com>
References: <4F6C4618.6040008@gmail.com>
User-agent: Mozilla/5.0 (X11; Linux i686; rv:5.0) Gecko/20110805 Icedove/5.0

Am 23.03.2012 10:44, schrieb stefano:
> Hi,
> i've a question.
> 
> am configuring the ACLs in slapd.conf.
> is it necessary to specify the Administrator DN in the "who" field?
> 
> ex:
> access to attrs=userPassword
>              by dn="cn=Manager,dc=example,dc=com"
> 
> Do i have to specify it or the administrator has the access right to 
> every attribute?
> 

Hi,

the docs are your friend :)

>From slapd.access(5):

   *Be warned: the rootdn can always read and write EVERYTHING!*


>From slapd.conf(5):

     access to <what> [ by <who> <access> <control> ]+
          [...]  The rootdn
          can   always   read   and   write   EVERYTHING! [...]

     [...]

     rootdn <dn>
          Specify the distinguished name that is not  subject  to
          access control or administrative limit restrictions for
          operations on this database. [...]



Regards,
Christian Manal

References:
- access to ... by Administrator
  - From: stefano <stefano.malini@gmail.com>

Prev by Date: access to ... by Administrator
Next by Date: Re: access to ... by Administrator
Index(es):
- Chronological
- Thread