Re: ACI for single user access

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

To update the list, this worked perfectly. I modified the existing "Enable anonymous access" ACI to exclude the branch in question as a target, and then added an ACI to that branch to grant a specific user access. 

Thanks,

James

On Nov 20, 2012, at 2:37 AM, Ludwig Krispenz wrote:



Hi James,
your approach k should work.

Ludwig

On 11/19/2012 10:28 PM, James Chamberlain wrote:

Hi Ludwig,
That's an interesting thought. I'm guessing that access to the branch is covered by the default "Enable anonymous access" ACI. To check my logic, if I can exclude this single branch from the "anonymous" ACI, and then add an ACI to the branch to cover access for this single user, that would probably do what I want, correct? 

Thanks,

James

On Nov 19, 2012, at 2:16 PM, Ludwig Krispenz wrote:


Hi,
if you explicitely deny access to everyone you cannot override this foe a single user as deny always has precedence. But if your only aci, be sure there are no others, is granting access to a single user as the default for all the others is 
an implicite deny.

Regards,
Ludwig

----- Original Message -----
From: "James Chamberlain" <jamesc@xxxxxxx>
To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
Sent: Monday, November 19, 2012 8:07:29 PM
Subject:  ACI for single user access

I'm trying to figure out how to write an ACI which would allow one
user to read a particular branch of the directory, but deny all
others.  If I specify it as two rules - one denying access to
everyone, the other granting access to this user - no one can read
that branch.  If I specify it as a single rule, that this user can
read this branch, it's not imposing any new restrictions and everyone can read the branch. I've tried reading the documentation and didn't see this example listed. Can anyone point me in the right direction? 

Thanks,

James
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users


--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux