<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-15"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
On 02/14/2012 12:17 AM, Walter Neu wrote:
<blockquote cite="mid:4F3A0AA3.6040505@eurodata.de" type="cite">Hi
all,
<br>
<br>
I'm confused about ACI and need some help from the experts....
<br>
<br>
<br>
I want to create an ACI for read only access to a certain branch
of my LDAP tree. Therefor I created the following ACI
<br>
<br>
<br>
(targetattr = "userPassword || uid") (target =
<a class="moz-txt-link-rfc2396E" href="ldap:///ou=AABenutzer,ou=eurodatasb,dc=eurodata,dc=de">"ldap:///ou=AABenutzer,ou=eurodatasb,dc=eurodata,dc=de"</a>) (version
3.0;acl "read only";allow (read)(userdn =
<a class="moz-txt-link-rfc2396E" href="ldap:///uid=ro_user,ou=SpecialUsers,dc=eurodata,dc=de">"ldap:///uid=ro_user,ou=Special Users,dc=eurodata,dc=de"</a>);)
<br>
<br>
But when I am authenticated with user ro_user, I got information
which are outside the branch
ou=AABenutzer,ou=eurodatasb,dc=eurodata,dc=de
<br>
<br>
What I'm doing wrong???
<br>
</blockquote>
In which entry did you set this aci?<br>
<blockquote cite="mid:4F3A0AA3.6040505@eurodata.de" type="cite">
<br>
Thanks
<br>
<br>
<pre wrap="">
<fieldset class="mimeAttachmentHeader"></fieldset>
--
389 users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:389-users@lists.fedoraproject.org">389-users@lists.fedoraproject.org</a>
<a class="moz-txt-link-freetext" href="https://admin.fedoraproject.org/mailman/listinfo/389-users">https://admin.fedoraproject.org/mailman/listinfo/389-users</a></pre>
</blockquote>
<br>
</body>
</html>