[389-users] ACI for single user access

Ludwig Krispenz lkrispen at redhat.com
Tue Nov 20 07:37:20 UTC 2012 

Hi James,
your approach k should work.

Ludwig

On 11/19/2012 10:28 PM, James Chamberlain wrote:
> Hi Ludwig,
>
> That's an interesting thought.  I'm guessing that access to the branch 
> is covered by the default "Enable anonymous access" ACI. To check my 
> logic, if I can exclude this single branch from the "anonymous" ACI, 
> and then add an ACI to the branch to cover access for this single 
> user, that would probably do what I want, correct?
>
> Thanks,
>
> James
>
> On Nov 19, 2012, at 2:16 PM, Ludwig Krispenz wrote:
>
>> Hi,
>> if you explicitely deny access to everyone you cannot override this 
>> foe a single user as deny always has precedence.
>> But if your only aci, be sure there are no others, is granting access 
>> to a single user as the default for all the others is
>> an implicite deny.
>>
>> Regards,
>> Ludwig
>>
>> ----- Original Message -----
>> From: "James Chamberlain" <jamesc at exa.com>
>> To: 389-users at lists.fedoraproject.org
>> Sent: Monday, November 19, 2012 8:07:29 PM
>> Subject: [389-users] ACI for single user access
>>
>> I'm trying to figure out how to write an ACI which would allow one
>> user to read a particular branch of the directory, but deny all
>> others.  If I specify it as two rules - one denying access to
>> everyone, the other granting access to this user - no one can read
>> that branch.  If I specify it as a single rule, that this user can
>> read this branch, it's not imposing any new restrictions and everyone
>> can read the branch.  I've tried reading the documentation and didn't
>> see this example listed.  Can anyone point me in the right direction?
>>
>> Thanks,
>>
>> James
>> -- 
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>> -- 
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> -- 
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users

More information about the 389-users mailing list