[389-users] Announcing 389 Directory Server version 1.2.9.6 Testing

Anthony Messina amessina at messinet.com
Tue Aug 23 22:26:07 UTC 2011


On 08/23/2011 09:26 AM, Rich Megginson wrote:
> Can you provide the exact aci you used below?
>>
>> dc=messinet,dc=com (anonymous perms removed, all other defaults intact)
>> |
>> +-ou=People (allowed dns=localhost,messinet.com,*.messinet.com)
>> |
>> +-ou=Groups (allowed dns=localhost,messinet.com,*.messinet.com)
>> |
>> +-ou=Special Users (allowed dns=localhost,messinet.com,*.messinet.com)
>> |
>> +-ou=Computers (allowed dns=localhost,messinet.com,*.messinet.com)
>> |
>> +-ou=eGW (allowed dns=localhost,messinet.com,*.messinet.com)
>>
>> -A

Attached, find the original ACIs I used prior to
389-ds-base-1.2.9.6-1.fc15.i686

Since the upgrade, I have needed to leave the following default in place:

aci: (targetattr != "userPKCS12 || userPassword")(version 3.0;acl "Enable anonymous access"; allow (read,compare,search)(userdn = "ldap:///anyone");)

But as you can see, this makes it incredibly difficult to restrict access
based on tree structure as everyone already has read access.  -A

-- 
Anthony - http://messinet.com - http://messinet.com/~amessina/gallery
8F89 5E72 8DF0 BCF0 10BE 9967 92DC 35DC B001 4A4E
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ldap_default_aci.txt
URL: <http://lists.fedoraproject.org/pipermail/389-users/attachments/20110823/dbe607c8/attachment.txt>
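
Added example, not part of the original post or the 389 Directory Server code base: a simplified Python model of allow-ACI evaluation, showing why leaving the suffix-level anonymous ACI in place makes the per-OU `dns` restrictions from the tree above ineffective. The per-OU ACIs, the entry DN and the client hostnames are constructed for illustration; deny rules and `targetattr` filtering are not modeled.

```python
# Simplified model of allow-ACI evaluation (an assumption-level sketch, not the
# server's code): an ACI placed on an entry covers that entry and its subtree,
# and read access is granted if ANY applicable allow ACI matches the client.
from fnmatch import fnmatch

def in_scope(entry_dn, aci_dn):
    """True if entry_dn is aci_dn itself or lies beneath it."""
    e, a = entry_dn.lower(), aci_dn.lower()
    return e == a or e.endswith("," + a)

def dns_ok(client_host, patterns):
    """An empty pattern list means the ACI carries no dns bind rule."""
    return not patterns or any(fnmatch(client_host.lower(), p) for p in patterns)

def can_read(entry_dn, client_host, acis):
    """Return the names of the allow ACIs that grant read; empty list = denied."""
    return [a["name"] for a in acis
            if in_scope(entry_dn, a["dn"]) and dns_ok(client_host, a["dns"])]

# Host patterns taken from the tree diagram quoted in the post.
ALLOWED = ["localhost", "messinet.com", "*.messinet.com"]

# Constructed ACI sets. The per-OU entries stand in for the poster's attached
# ACIs, which are not reproduced on this page.
PER_OU = [{"name": f"dns-restricted {ou}", "dn": f"ou={ou},dc=messinet,dc=com",
           "dns": ALLOWED}
          for ou in ("People", "Groups", "Special Users", "Computers", "eGW")]
SUFFIX_ANON = {"name": "Enable anonymous access", "dn": "dc=messinet,dc=com",
               "dns": []}

def compare(entry_dn, client_host):
    """Who grants read without, and with, the suffix-level default ACI."""
    return {"per_ou_only": can_read(entry_dn, client_host, PER_OU),
            "with_default": can_read(entry_dn, client_host, PER_OU + [SUFFIX_ANON])}

if __name__ == "__main__":
    entry = "uid=alice,ou=People,dc=messinet,dc=com"            # constructed entry
    for host in ("mail.messinet.com", "scanner.example.net"):   # constructed clients
        print(host, compare(entry, host))
```

A client outside the allowed hosts is denied by the per-OU set alone, but is granted read as soon as the suffix-level anonymous ACI is present, because allow rules are additive down the tree.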

