At 03:18 PM 12/4/2006, Rob Tanner wrote:
>I have most of this bloody long ACL working right,

You seem to have forgotten that evaluation stops (by default) at the first matching accessing statement.

>but I still need an
>anonymous access to any entry under the "ou=people,o=linfield.edu" base
>DN for the purpose of authentication. I need to be able to search on
>the UID in order to retrieve the full DN of the entry. None of my
>trials have been successful. Can someone please help?

Order matters. I suggest you read the Admin Guide and FAQ discussion of access controls to get a basic understanding of how access controls should be ordered.

http://www.openldap.org/doc/admin23/slapdconfig.html#Access%20Control
http://www.openldap.org/faq/index.cgi?file=1375
http://www.openldap.org/faq/index.cgi?file=189

>Thanks,
>Rob
>
>access to dn.one="ou=people,o=linfield.edu"
>    attrs=userpassword
>    by anonymous auth
>
>access to dn.one="ou=people,o=linfield.edu"
>    by dn="cn=Postfix,ou=Special Users,o=linfield.edu" read
>    by group/linfieldGroupOfUniqueNames/uniqueMember="cn=ferpa administrators,ou=People,o=linfield.edu" read
>
>access to dn.one="ou=people,o=linfield.edu"
>    filter=(!(ou=student))
>    by * read
>
>access to dn.one="ou=people,o=linfield.edu"
>    filter=(&(!(ferpaStatus=Private))(!(entryStatus=Inactive))(ou=student))
>    by * read
>
>access to dn.one="ou=people,o=linfield.edu"
>    filter=(&(!(ou=Student))(!(entryStatus=Inactive)))
>    by * read
>
>access to dn.one="ou=people,o=linfield.edu"
>    attrs=userPassword,maillocaladdress,useDefaultAlias,spamdisposition,checkForDirtyWords
>    by self write
>
>
>--
>
>Rob Tanner
>UNIX Services Manager
>Linfield College, McMinnville OR
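
The first-match behaviour the reply refers to, shown as an added example (not part of the original message and not OpenLDAP code): a simplified Python model of how slapd walks the quoted access statements. The entry `uid=jdoe`, the `dn:`/`group:` requester labels and the `MOVED` ordering are assumptions made for illustration; `MOVED` only shows that order changes the result and is not a recommended policy.

```python
# Added example: simplified model of slapd's first-match ACL evaluation.
# Rule = (attrs or None for "all", entry filter or None, [(who, level), ...]).
# Rules are transcribed from the quoted ACL; every entry is assumed to be in
# dn.one scope, and "dn:"/"group:" labels stand in for real DN and group lookups.

def student(e):
    return e.get("ou", "").lower() == "student"

RULES = [
    ({"userpassword"}, None, [("anonymous", "auth")]),
    (None, None, [("dn:postfix", "read"), ("group:ferpa", "read")]),
    (None, lambda e: not student(e), [("*", "read")]),
    (None, lambda e: student(e) and e.get("ferpaStatus") != "Private"
        and e.get("entryStatus") != "Inactive", [("*", "read")]),
    (None, lambda e: not student(e) and e.get("entryStatus") != "Inactive",
        [("*", "read")]),
    ({"userpassword", "maillocaladdress", "usedefaultalias", "spamdisposition",
      "checkfordirtywords"}, None, [("self", "write")]),
]

def who_matches(who, requester, entry):
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "self":
        return requester == entry["dn"]
    return who == requester

def evaluate(rules, requester, entry, attr):
    """Return (rule number, level): first matching <what>, then first matching <who>."""
    for n, (attrs, flt, by) in enumerate(rules, 1):
        if attrs is not None and attr.lower() not in attrs:
            continue
        if flt is not None and not flt(entry):
            continue
        for who, level in by:
            if who_matches(who, requester, entry):
                return n, level
        return n, "none"  # implicit "by * none" closes every access statement
    return 0, "none"      # implicit final "access to * by * none"

STAFF = {"dn": "uid=jdoe,ou=people,o=linfield.edu", "ou": "staff"}  # constructed
# Same rules with the unfiltered statement moved after the filtered ones,
# only to show that order changes the outcome (not a recommended policy).
MOVED = RULES[:1] + RULES[2:5] + [RULES[1]] + RULES[5:]

if __name__ == "__main__":
    print(evaluate(RULES, None, STAFF, "uid"), evaluate(MOVED, None, STAFF, "uid"))
```

In this model the second access statement has no attrs or filter, so it matches every attribute other than userPassword on every entry, and anyone not named in it falls to the implicit `by * none`; the filtered statements and the `by self write` statement below it are never consulted.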
