Re: [389-users] ACI for read only access

Rich Megginson <rmeggins@xxxxxxxxxx> · Tue, 14 Feb 2012 07:09:55 -0700



    On 02/14/2012 12:17 AM, Walter Neu wrote:
    Hi
      all,
      

      I'm confused about ACI and need some help from the experts....
      

      I want to create an ACI for read only access to a certain branch
      of my LDAP tree. Therefor I created the following ACI
      

      (targetattr = "userPassword || uid") (target =
      "ldap:///ou=AABenutzer,ou=eurodatasb,dc=eurodata,dc=de") (version
      3.0;acl "read only";allow (read)(userdn =
      "ldap:///uid=ro_user,ou=Special Users,dc=eurodata,dc=de");)
      

      But when I am authenticated with user ro_user, I got information
      which are outside the branch
      ou=AABenutzer,ou=eurodatasb,dc=eurodata,dc=de
      

      What I'm doing wrong???
      

    In which entry did you set this aci?

    
      Thanks
      

--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
    
    
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users