[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Permission issue for normal user with ldap_add

To: vvv jjj <vvvjjj0@yahoo.co.in>
Subject: Re: Permission issue for normal user with ldap_add
From: Andrew Findlay <andrew.findlay@skills-1st.co.uk>
Date: Mon, 23 Jan 2017 13:47:32 +0000
Cc: openldap-technical@openldap.org
Content-disposition: inline
In-reply-to: <20170119102322.30baf975@pink.avci.de>
References: <636152837.208170.1484800654966.ref@mail.yahoo.com> <636152837.208170.1484800654966@mail.yahoo.com> <20170119102322.30baf975@pink.avci.de>
User-agent: Mutt/1.5.21 (2010-09-15)

On Thu, Jan 19, 2017 at 10:23:22AM +0100, Dieter Klünter wrote:

> man slapd.access(5)

See also some examples in the Admin Guide:

	http://www.openldap.org/doc/admin24/access-control.html#Access%20Control%20Examples

More examples here:

	https://www.skills-1st.co.uk/papers/ldap-acls-jan-2009/

For any non-trivial policy I would suggest building a test-suite before
trying to write the ACLs. OpenLDAP has one of the most predictable ACL
mechanisms in the industry but it can still be hard to cover all the
edge-cases correctly.

Andrew
-- 
-----------------------------------------------------------------------
|                 From Andrew Findlay, Skills 1st Ltd                 |
| Consultant in large-scale systems, networks, and directory services |
|     http://www.skills-1st.co.uk/                +44 1628 782565     |
-----------------------------------------------------------------------

References:
- Permission issue for normal user with ldap_add
  - From: vvv jjj <vvvjjj0@yahoo.co.in>
- Re: Permission issue for normal user with ldap_add
  - From: Dieter Klünter <dieter@dkluenter.de>

Prev by Date: Deleting an user defined object class from openldap 2.4.40
Next by Date: using two password hashes
Index(es):
- Chronological
- Thread