Alex Samad wrote:
On Fri, Jan 19, 2007 at 07:16:39PM -0500, Aaron Richton wrote:
I get problems with access control, however, that prevent it from working.
Yes...given
access to * by dn="uid=slurp,ou=users,dc=xxxxxxxx,dc=xx" write
access to * by * none
Think what you need here is
access to *
by dn="uid=slurp,ou=users,dc=xxxxxxxx,dc=xx" write
by * break
access to attrs=userPassword
by anonymous auth
by self write
by * none
access to *
by * none
Yes, but sloppy. Don't use rules you don't need, and write rules that work
with the natural order of processing:
access to attrs=userPassword
by dn="uid=slurp,ou=users,dc=xxxxxxxx,dc=xx" write
by self write
by anonymous auth
access to *
by dn="uid=slurp,ou=users,dc=xxxxxxxx,dc=xx" write
I.e., don't throw in gratuitous "break" statements when you don't need to.
--
-- Howard Chu
Chief Architect, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc
OpenLDAP Core Team http://www.openldap.org/project/
