[prev in list] [next in list] [prev in thread] [next in thread] 

List:       ldap
Subject:    [ldap] Re: Permsion on Parent
From:       Michael.Oberdorf () gmx ! de
Date:       2003-03-15 15:06:16
[Download RAW message or body]

> Actually I tried it all ways. (*.*) (.*) (*.) (*)

first you have to give some std access rules like:

access to dn.subtree="*"
        by self write
        by anonymous auth
        by * none

than you can give access rules to some subtrees like:

access to dn.subtree="ou=People,dc=example,dc=com"
         by dn="cn=peopleroot,dc=example,dc=com" write

in my configuration i have this test access rule and it works well:
access to dn.subtree="*"
        by self write
        by
dn="uid=domino,ou=user,ou=domino,ou=applications,ou=labor,o=enc,c=de" write
        by
dn="uid=samba,ou=user,ou=samba,ou=applications,ou=labor,o=enc,c=de" write
        by anonymous auth
        by * none

Look in the OpenLDAP Adminisatrators Guide chapter 5.3
( http://www.openldap.org/doc/admin21/slapdconfig.html#Access%20Control ).
There are some examples.


Michael


---
You are currently subscribed to ldap@umich.edu as: [ldap@progressive-comp.com]
To unsubscribe send email to ldap-request@umich.edu with the word UNSUBSCRIBE as the \
SUBJECT of the message.


[prev in list] [next in list] [prev in thread] [next in thread]