--On Tuesday, May 21, 2019 9:56 AM +0000 Olivier - <[email protected]>
wrote:
Hello Florent,
(sorry, I answer just this in French: easier for me :p ACLs stop at the
first match. So you have to set the rights of the users concerned for
each ACL).
Here is a French link:
https://www.vincentliefooghe.net/content/les-acl-dans-openldap
Here is an example:
access to attrs=userPassword
    by dn.exact="cn=admin,dc=example,dc=fr" write
    by users auth
    by anonymous auth
    by * none
That should be "by users read", not "by users auth" as per their stated
requirements. I would note that this ACL would be problematic in a
replicated environment unless the "cn=admin,dc=example,dc=fr" DN is also
used for replication.
--Quanah
--
Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
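
The first-match behaviour discussed in this thread, as an added example that is not part of the original messages and is not OpenLDAP code: a simplified Python model of how slapd picks the first matching `by` clause, run against the ACL as posted. The replicator DN is a hypothetical name; the model assumes exact, case-insensitive DN comparison.

```python
# Simplified model of slapd ACL evaluation (added example, not OpenLDAP code).
# Not modelled: rootdn bypass, DN normalisation, regex/subtree scopes, "break"/"continue".
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

ADMIN = "cn=admin,dc=example,dc=fr"            # DN from the message
REPLICATOR = "cn=replicator,dc=example,dc=fr"  # hypothetical replication bind DN

# The ACL as posted: one "access to attrs=userPassword" directive with its "by" clauses.
ACL_AS_POSTED = [
    ("userPassword", [
        ("dn.exact=" + ADMIN, "write"),
        ("users", "auth"),
        ("anonymous", "auth"),
        ("*", "none"),
    ]),
]

def who_matches(who, bind_dn):
    """Return True if a <who> field matches; bind_dn is None for anonymous."""
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if who == "users":
        return bind_dn is not None
    if who.startswith("dn.exact="):
        return bind_dn is not None and bind_dn.lower() == who[len("dn.exact="):].lower()
    raise ValueError("unsupported <who> in this model: " + who)

def granted_level(acl, attr, bind_dn):
    """First matching directive, then first matching 'by' clause, decides."""
    for target_attr, by_clauses in acl:
        if target_attr.lower() != attr.lower():
            continue
        for who, level in by_clauses:
            if who_matches(who, bind_dn):
                return level      # evaluation stops here; later clauses are ignored
        return "none"             # implicit trailing "by * none"
    return "none"                 # implicit trailing "access to * by * none"

def allows(acl, attr, bind_dn, wanted):
    """A granted level implies every lower level."""
    return LEVELS.index(granted_level(acl, attr, bind_dn)) >= LEVELS.index(wanted)

if __name__ == "__main__":
    for dn in (ADMIN, REPLICATOR, None):
        print(dn, "->", granted_level(ACL_AS_POSTED, "userPassword", dn))
```

In this model the hypothetical replicator DN matches `by users` and is granted only `auth`, so it cannot read `userPassword`, while the admin DN gets `write`.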