Hi James,
your approach should work.
Ludwig
On 11/19/2012 10:28 PM, James Chamberlain wrote:
Hi Ludwig,
That's an interesting thought. I'm guessing that access to the branch
is covered by the default "Enable anonymous access" ACI. To check my
logic, if I can exclude this single branch from the "anonymous" ACI,
and then add an ACI to the branch to cover access for this single
user, that would probably do what I want, correct?
Thanks,
James
On Nov 19, 2012, at 2:16 PM, Ludwig Krispenz wrote:
Hi,
if you explicitly deny access to everyone you cannot override this
for a single user, as deny always has precedence.
But if your only ACI (be sure there are no others) is granting access
to a single user, the default for all the others is
an implicit deny.
Regards,
Ludwig
----- Original Message -----
From: "James Chamberlain" <jamesc@xxxxxxx>
To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
Sent: Monday, November 19, 2012 8:07:29 PM
Subject: ACI for single user access
I'm trying to figure out how to write an ACI which would allow one
user to read a particular branch of the directory, but deny all
others. If I specify it as two rules - one denying access to
everyone, the other granting access to this user - no one can read
that branch. If I specify it as a single rule, that this user can
read this branch, it's not imposing any new restrictions and everyone
can read the branch. I've tried reading the documentation and didn't
see this example listed. Can anyone point me in the right direction?
Thanks,
James
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
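
The precedence rules discussed in this thread, as an added example that is not part of the original messages and not 389 Directory Server's own evaluator: a simplified Python model in which an explicit deny always wins and no matching allow means an implicit deny. All DNs, the `Aci` class and the naive suffix matching are constructed assumptions for illustration.

```python
# Simplified model of the ACI behaviour described in the thread.
# Not the server's real evaluator; DNs and rule sets are constructed.
from dataclasses import dataclass

SUFFIX = "dc=example,dc=com"                        # hypothetical suffix
BRANCH = "ou=restricted,dc=example,dc=com"          # hypothetical branch
READER = "uid=reader,ou=people,dc=example,dc=com"   # the single allowed user
OTHER = "uid=other,ou=people,dc=example,dc=com"     # any other user
ANYONE = "anyone"

@dataclass(frozen=True)
class Aci:
    effect: str        # "allow" or "deny"
    subject: str       # a bind DN, or ANYONE
    subtree: str       # subtree the rule covers
    exclude: str = ""  # subtree carved out of the rule, if any

    def applies(self, bind_dn, entry_dn):
        # Naive string-suffix DN matching, good enough for this model.
        in_scope = entry_dn.endswith(self.subtree)
        excluded = bool(self.exclude) and entry_dn.endswith(self.exclude)
        return in_scope and not excluded and self.subject in (ANYONE, bind_dn)

def can_read(acis, bind_dn, entry_dn):
    matching = [a for a in acis if a.applies(bind_dn, entry_dn)]
    if any(a.effect == "deny" for a in matching):
        return False                                   # deny has precedence
    return any(a.effect == "allow" for a in matching)  # otherwise implicit deny

def readers(acis, entry_dn):
    return [dn for dn in (READER, OTHER) if can_read(acis, dn, entry_dn)]

anon = Aci("allow", ANYONE, SUFFIX)          # stands in for the anonymous ACI
allow_reader = Aci("allow", READER, BRANCH)

# 1. Deny everyone plus allow one user: the deny overrides the allow.
deny_plus_allow = [anon, Aci("deny", ANYONE, BRANCH), allow_reader]
# 2. Allow one user on top of the anonymous allow: nothing is restricted.
allow_only = [anon, allow_reader]
# 3. Anonymous allow excludes the branch, plus allow one user.
carved_out = [Aci("allow", ANYONE, SUFFIX, exclude=BRANCH), allow_reader]

if __name__ == "__main__":
    entry = "cn=item," + BRANCH
    for name, acis in [("deny+allow", deny_plus_allow),
                       ("allow only", allow_only),
                       ("carved out", carved_out)]:
        print(name, "->", readers(acis, entry))
```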