[Date Prev][Date Next] [Chronological] [Thread] [Top]

AW: OLC permissions - general beginner question

To: openldap-technical@openldap.org <openldap-technical@openldap.org>
Subject: AW: OLC permissions - general beginner question
From: Stefan Bauer <sb@plzk.de>
Date: Thu, 4 Jun 2015 09:10:26 +0200

Hi,

why is cn=Manager,dc=example,dc=com not able to access cn=config with the second ACL?
According to manpage the asterisk means any so also cn=config.

is dn: olcDatabase={1}monitor,cn=config above the rule some kind of limitation or context?

# {0}config, config
dn: olcDatabase={0}config,cn=config
olcAccess: {0}to *  by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" manage  by * none

# {1}monitor, config
dn: olcDatabase={1}monitor,cn=config
olcAccess: {0}to *  by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth" read  by dn.base="cn=Manager,dc=example,dc=com" read  by * none


Thank you in advance.

Stefan

Follow-Ups:
- Re: AW: OLC permissions - general beginner question
  - From: Hallvard Breien Furuseth <h.b.furuseth@usit.uio.no>

Prev by Date: OpenLDAP with SASL not working
Next by Date: Re: Log of deleted accounts
Index(es):
- Chronological
- Thread