On 5 Jan 2011, at 13:59, Joel Carnat wrote:
> Greetings,
>
> I would like to limit the access to my ldapd content.
>
> I've read ldapd.conf(5) but there are bits I don't get.
>
> The policy I would like to apply is:
> (1) allow anyone to authenticate
> (2) allow read access to all namespace by users that have been
> authenticated
There is currently no support for wildcard matching of users. I'm working on a
diff to add that.
> (3) allow write access to their own object to users that have been
> authenticated
> (4) deny any other access
>
> Right now, I configured
> (1) allow bind access by any
> (2) allow read access by self // how to replace "self" by "any
> authenticated" ?
> (3) allow write access by self
> (4) deny read access to any by any
"The last matching rule decides what action is taken", so these rules would
always deny read access.
> For the moment, I am able to authenticate but won't go further:
> result: 50 Insufficient access
>
> What would be the correct rules to implement my policy ?
>
> TIA,
> Jo
>
-martin
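
Added example, not part of the original thread and not ldapd's own code: a simplified Python model of "the last matching rule decides", run over the four rules quoted above and over the same rules with the deny moved first. The DNs, the function names, exact matching on access type and the no-match default are assumptions made for illustration.

```python
from typing import List, NamedTuple, Optional

class Rule(NamedTuple):
    action: str  # "allow" or "deny"
    access: str  # "bind", "read" or "write"
    by: str      # "any" or "self"

def parse(line: str) -> Rule:
    # Handles only the forms quoted in the thread:
    #   <allow|deny> <type> access [to any] by <any|self>
    words = line.split()
    return Rule(words[0], words[1], words[-1])

def matches(rule: Rule, access: str, bind_dn: Optional[str], target_dn: str) -> bool:
    if rule.access != access:
        return False
    if rule.by == "any":
        return True  # also matches unauthenticated clients
    # "self": the bound identity is the entry being accessed
    return bind_dn is not None and bind_dn == target_dn

def decide(rules: List[str], access: str, bind_dn: Optional[str],
           target_dn: str, default: str = "deny") -> str:
    # `default` is an assumption of this model, not ldapd's documented default.
    verdict = default
    for rule in map(parse, rules):
        if matches(rule, access, bind_dn, target_dn):
            verdict = rule.action  # no early exit: a later match overrides
    return verdict

# Constructed sample identities.
ALICE = "uid=alice,dc=example,dc=com"
BOB = "uid=bob,dc=example,dc=com"

# Rules in the order given in the question.
ORIGINAL = [
    "allow bind access by any",
    "allow read access by self",
    "allow write access by self",
    "deny read access to any by any",
]
# Same rules with the broad deny first, so narrower allows are evaluated later.
REORDERED = [ORIGINAL[3]] + ORIGINAL[:3]

if __name__ == "__main__":
    for name, rules in (("original", ORIGINAL), ("reordered", REORDERED)):
        print(name, "read own entry:", decide(rules, "read", ALICE, ALICE))
        print(name, "read other entry:", decide(rules, "read", ALICE, BOB))
```

In this model the reordered set only restores read access to a user's own entry; reading the whole namespace as any authenticated user still has no rule to express it, which is the missing wildcard matching mentioned in the reply.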