speedy zinc wrote:
I've created two user entries under People:

Test User: uid=testuser
Jane Doe: uid=JDoe

Here's what I'm trying to achieve with access control:

- Turn off anon access to the entry Test User
- Allow full access to Test User on Test User
- Allow (read, search, compare) to JDoe on Test User, and no other users
- Allow full access to "cn=Directory Manager" on Test User.
- Anon access is still allowed on other entries

So, here is the list of ACIs (besides the inherited ones) that I've created on the entry Test User:

(targetattr = "*") (version 3.0;acl "self";allow (all)(userdn = "ldap:///uid=testuser,ou=People, dc=dummy,dc=com");)

(targetattr != "userPassword") (version 3.0;acl "No anonymous access";deny (all)(userdn = "ldap:///anyone");)

(targetattr = "*") (target = "ldap:///uid=testuser,ou=People, dc=dummy,dc=com") (version 3.0;acl "Allow JDoe";allow (read,compare,search)(userdn = "ldap:///uid=JDoe,ou=People, dc=dummy,dc=com");)

With the ACIs above, it seems that the "No anonymous access" is taking precedence over the other two. Even the "Test User" does not have access to its own data, and JDoe certainly does not either. The only user who has access is the Directory Manager.

How do I achieve my goals with ACI?

thanks a lot.

sz.

--
Fedora-directory-users mailing list
Fedora-directory-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-directory-users
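Added example, not part of the original thread and not Directory Server code: a small Python model of how the three ACIs quoted above combine, reproducing the access pattern the poster reports. It assumes that a matching deny overrides any allow, that "ldap:///anyone" matches authenticated binds as well as anonymous ones, that no matching allow means no access, and that the root DN bypasses ACIs; the inherited anonymous-read ACI is an assumed stand-in.

```python
# Constructed model of the ACIs from the post; DNs are normalised without spaces.
TESTUSER = "uid=testuser,ou=People,dc=dummy,dc=com"
JDOE = "uid=JDoe,ou=People,dc=dummy,dc=com"
ROOT = "cn=Directory Manager"
ANON = ""  # an anonymous bind carries an empty DN

# (acl name, kind, rights, userdn, predicate standing in for targetattr)
ACIS = [
    ("self", "allow", {"all"}, TESTUSER, lambda a: True),
    ("No anonymous access", "deny", {"all"}, "anyone",
     lambda a: a != "userpassword"),
    ("Allow JDoe", "allow", {"read", "compare", "search"}, JDOE,
     lambda a: True),
    # Assumed shape of the inherited ACI that grants anonymous read.
    ("inherited anon read", "allow", {"read", "compare", "search"}, "anyone",
     lambda a: a != "userpassword"),
]

def subject_matches(userdn, bind_dn):
    # Assumption: "anyone" covers anonymous and authenticated binds alike.
    return userdn == "anyone" or userdn.lower() == bind_dn.lower()

def evaluate(bind_dn, right, attr, acis=ACIS):
    """Return (allowed, name of the deciding rule) for one access request."""
    if bind_dn.lower() == ROOT.lower():
        return True, "root bypass"  # assumption: root DN is not subject to ACIs
    hits = [(name, kind) for name, kind, rights, who, attr_ok in acis
            if subject_matches(who, bind_dn) and attr_ok(attr.lower())
            and ("all" in rights or right in rights)]
    denies = [name for name, kind in hits if kind == "deny"]
    if denies:
        return False, denies[0]     # assumption: any matching deny wins
    allows = [name for name, kind in hits if kind == "allow"]
    return (True, allows[0]) if allows else (False, "no matching allow")

def access_matrix(attr="cn", right="read"):
    """Evaluate the same request for each identity mentioned in the post."""
    who = [("anon", ANON), ("testuser", TESTUSER), ("JDoe", JDOE),
           ("Directory Manager", ROOT)]
    return {label: evaluate(dn, right, attr) for label, dn in who}

if __name__ == "__main__":
    for label, result in access_matrix().items():
        print(f"{label:18} {result}")
```

In this model the only attribute the deny rule leaves reachable for testuser and JDoe is userPassword, because that ACI's targetattr excludes it.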