[389-users] ACI for single user access

James Chamberlain jamesc at exa.com
Mon Nov 26 21:41:52 UTC 2012


To update the list, this worked perfectly.  I modified the existing  
"Enable anonymous access" ACI to exclude the branch in question as a  
target, and then added an ACI to that branch to grant a specific user  
access.

Thanks,

James

On Nov 20, 2012, at 2:37 AM, Ludwig Krispenz wrote:

>
> Hi James,
> your approach should work.
>
> Ludwig
>
> On 11/19/2012 10:28 PM, James Chamberlain wrote:
>> Hi Ludwig,
>>
>> That's an interesting thought.  I'm guessing that access to the  
>> branch is covered by the default "Enable anonymous access" ACI. To  
>> check my logic, if I can exclude this single branch from the  
>> "anonymous" ACI, and then add an ACI to the branch to cover access  
>> for this single user, that would probably do what I want, correct?
>>
>> Thanks,
>>
>> James
>>
>> On Nov 19, 2012, at 2:16 PM, Ludwig Krispenz wrote:
>>
>>> Hi,
>>> if you explicitly deny access to everyone you cannot override
>>> this for a single user as deny always has precedence.
>>> But if your only aci, be sure there are no others, is granting
>>> access to a single user as the default for all the others is
>>> an implicit deny.
>>>
>>> Regards,
>>> Ludwig
>>>
>>> ----- Original Message -----
>>> From: "James Chamberlain" <jamesc at exa.com>
>>> To: 389-users at lists.fedoraproject.org
>>> Sent: Monday, November 19, 2012 8:07:29 PM
>>> Subject: [389-users] ACI for single user access
>>>
>>> I'm trying to figure out how to write an ACI which would allow one
>>> user to read a particular branch of the directory, but deny all
>>> others.  If I specify it as two rules - one denying access to
>>> everyone, the other granting access to this user - no one can read
>>> that branch.  If I specify it as a single rule, that this user can
>>> read this branch, it's not imposing any new restrictions and
>>> everyone can read the branch.  I've tried reading the documentation
>>> and didn't see this example listed.  Can anyone point me in the
>>> right direction?
>>>
>>> Thanks,
>>>
>>> James
>>> -- 
>>> 389 users mailing list
>>> 389-users at lists.fedoraproject.org
>>> https://admin.fedoraproject.org/mailman/listinfo/389-users

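The behaviour discussed in this thread, as an added example that is not part of the original messages or of 389 Directory Server's code: a simplified Python model of the two rules Ludwig states (an explicit deny wins, no matching allow is an implicit deny), run over the three configurations James describes. The DNs, user names and the `Aci` class are constructed for illustration; the real server also evaluates rights, target attributes and filters.

```python
from dataclasses import dataclass
ANYONE = "ldap:///anyone"

@dataclass(frozen=True)
class Aci:                     # hypothetical, simplified stand-in for an ACI
    effect: str                # "allow" or "deny"
    subject: str               # bind DN, or ANYONE
    target: str                # subtree the rule covers
    exclude: str = ""          # subtree carved out, like a negated target

def under(dn, base):           # True if dn is base or lies below it
    dn, base = dn.lower(), base.lower()
    return dn == base or dn.endswith("," + base)

def applies(aci, bind_dn, entry_dn):
    if not under(entry_dn, aci.target):
        return False
    if aci.exclude and under(entry_dn, aci.exclude):
        return False
    return aci.subject == ANYONE or aci.subject.lower() == bind_dn.lower()

def can_read(acis, bind_dn, entry_dn):
    """Explicit deny wins; no matching allow is an implicit deny."""
    hits = [a for a in acis if applies(a, bind_dn, entry_dn)]
    if any(a.effect == "deny" for a in hits):
        return False
    return any(a.effect == "allow" for a in hits)

# Constructed sample DNs (assumptions, not taken from the thread)
SUFFIX = "dc=example,dc=com"
BRANCH = "ou=restricted," + SUFFIX
ALICE = "uid=alice,ou=people," + SUFFIX   # the one permitted user
BOB = "uid=bob,ou=people," + SUFFIX       # everyone else
ENTRY = "cn=secret," + BRANCH

anon = Aci("allow", ANYONE, SUFFIX)       # default "Enable anonymous access"
allow_alice = Aci("allow", ALICE, BRANCH)
CONFIGS = {
    "deny all + allow one": [anon, Aci("deny", ANYONE, BRANCH), allow_alice],
    "allow one only": [anon, allow_alice],
    "anonymous ACI excludes branch": [Aci("allow", ANYONE, SUFFIX, BRANCH), allow_alice],
}

def outcomes():
    return {n: (can_read(a, ALICE, ENTRY), can_read(a, BOB, ENTRY)) for n, a in CONFIGS.items()}

if __name__ == "__main__":
    for name, result in outcomes().items():
        print(f"{name:32} alice={result[0]} bob={result[1]}")
```

Only the third configuration gives the intended result: the permitted user can read the branch, other binds cannot, and entries outside the branch stay readable under the anonymous ACI.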