[389-users] ACI for single user access
James Chamberlain
jamesc at exa.com
Mon Nov 26 21:41:52 UTC 2012
To update the list, this worked perfectly. I modified the existing
"Enable anonymous access" ACI to exclude the branch in question as a
target, and then added an ACI to that branch to grant a specific user
access.
Thanks,
James
On Nov 20, 2012, at 2:37 AM, Ludwig Krispenz wrote:
>
> Hi James,
> your approach k should work.
>
> Ludwig
>
> On 11/19/2012 10:28 PM, James Chamberlain wrote:
>> Hi Ludwig,
>>
>> That's an interesting thought. I'm guessing that access to the
>> branch is covered by the default "Enable anonymous access" ACI. To
>> check my logic, if I can exclude this single branch from the
>> "anonymous" ACI, and then add an ACI to the branch to cover access
>> for this single user, that would probably do what I want, correct?
>>
>> Thanks,
>>
>> James
>>
>> On Nov 19, 2012, at 2:16 PM, Ludwig Krispenz wrote:
>>
>>> Hi,
>>> if you explicitely deny access to everyone you cannot override
>>> this foe a single user as deny always has precedence.
>>> But if your only aci, be sure there are no others, is granting
>>> access to a single user as the default for all the others is
>>> an implicite deny.
>>>
>>> Regards,
>>> Ludwig
>>>
>>> ----- Original Message -----
>>> From: "James Chamberlain" <jamesc at exa.com>
>>> To: 389-users at lists.fedoraproject.org
>>> Sent: Monday, November 19, 2012 8:07:29 PM
>>> Subject: [389-users] ACI for single user access
>>>
>>> I'm trying to figure out how to write an ACI which would allow one
>>> user to read a particular branch of the directory, but deny all
>>> others. If I specify it as two rules - one denying access to
>>> everyone, the other granting access to this user - no one can read
>>> that branch. If I specify it as a single rule, that this user can
>>> read this branch, it's not imposing any new restrictions and
>>> everyone
>>> can read the branch. I've tried reading the documentation and
>>> didn't
>>> see this example listed. Can anyone point me in the right
>>> direction?
>>>
>>> Thanks,
>>>
>>> James
>>> --
>>> 389 users mailing list
>>> 389-users at lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>> --
>>> 389 users mailing list
>>> 389-users at lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>>
>> --
>> 389 users mailing list
>> 389-users at lists.fedoraproject.org
>> https://admin.fedoraproject.org/mailman/listinfo/389-users
>
> --
> 389 users mailing list
> 389-users at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/389-users
More information about the 389-users
mailing list