Thank you for your replies. Below is a more detailed description of what I want to do.

Take "dc=foo, dc=com" for example. I have set up the rules as follows:

access to dn.children="ou=misc, dc=foo, dc=com"
        by * read
access to dn.children="ou=sales, dc=foo, dc=com"
        by * read
access to dn.children="ou=it, dc=foo, dc=com"
        by * read
access to dn.children="ou=vendor, dc=foo, dc=com"
        by * read

Because this is a public addressbook for internal lookup use, mainly for Outlook Express and Mozilla Mail, I don't use any authentication, and the users can access the LDAP addressbook successfully (read only).

However, when I want to allow only the sales staff to access dn.children="ou=vendor, dc=foo, dc=com", the following rules fail to do so.

access to dn.children="ou=vendor, dc=foo, dc=com"
        by dn.children="ou=sales, dc=foo, dc=com" read

Hence, I want to know how to set up a rule so that only the sales staff can access dn.children="ou=vendor, dc=foo, dc=com".

Thank you for your information. :-)

Michael

[EMAIL PROTECTED] wrote:

>> ------------------------------------------------------------------------
>>
>> Subject: Re: How to restrict access to LDAP database
>> From: "A. Sopicki" <[EMAIL PROTECTED]>
>> Date: Thu, 26 Jun 2003 18:56:48 +0200
>> To: [EMAIL PROTECTED]
>>
>>
>>Hi, Michael!
>>
>>You can set the access restrictions in slapd.conf of your LDAP-Server.
>>
>>For example:
>>
>>access to attribute=userPassword
>>        by dn="cn=admin,dc=example,dc=com" write
>>        by anonymous read
>>        by self write
>>        by * none
>>
>>More information at
>>http://www.openldap.org/doc/admin21/slapdconfig.html#Access%20Control
>>
>>Greetz,
>>
>>A. Sopicki
>>
>>
>>
>> Subject: Re: How to restrict access to LDAP database
>> From: Gordon Messmer <[EMAIL PROTECTED]>
>> Date: Thu, 26 Jun 2003 11:09:29 -0700
>> To: [EMAIL PROTECTED]
>>
>>
>> A. Sopicki wrote:
>>
>>>
>>> For example:
>>>
>>> access to attribute=userPassword
>>>         by dn="cn=admin,dc=example,dc=com" write
>>>         by anonymous read
>>>         by self write
>>>         by * none
>>
>>
>> Not the best example, as it's almost certainly what you do *not* want
>> to do. How about this instead:
>>
>> access to attribute=userPassword
>>         by dn="cn=admin,dc=example,dc=com" write
>>         by anonymous auth
>>         by self write
>>         by * none
>>

--
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://www.redhat.com/mailman/listinfo/redhat-list
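
Added example, not part of the thread and not OpenLDAP code: a simplified Python model of how slapd selects an access rule (the first matching "access to", then the first matching "by", with an implicit "by * none"), run over the rules quoted in the message above. The user and vendor entry DNs are constructed, and the model covers only dn.children targets with "by *" and "by dn.children" clauses.

```python
# Simplified model of slapd rule selection (illustration only, not OpenLDAP code).
# Handles "access to dn.children=..." targets with "by *" / "by dn.children=...".

def norm(dn):
    """Split a DN into lower-cased RDNs, ignoring spaces after commas."""
    return tuple(r.strip().lower() for r in dn.split(",")) if dn else ()

def is_child(dn, base):
    """dn.children scope: dn is strictly below base (base itself excluded)."""
    d, b = norm(dn), norm(base)
    return len(d) > len(b) and d[len(d) - len(b):] == b

def who_matches(who, bind_dn):
    if who == "*":
        return True
    # DN-based clause: an anonymous bind has an empty DN and never matches.
    return bool(bind_dn) and is_child(bind_dn, who)

def access(rules, bind_dn, target_dn):
    """First 'access to' matching the target is used; inside it the first
    matching 'by' clause decides. Anything unmatched falls through to none."""
    for target_base, by_clauses in rules:
        if is_child(target_dn, target_base):
            for who, level in by_clauses:
                if who_matches(who, bind_dn):
                    return level
            return "none"   # implicit trailing "by * none"
    return "none"           # implicit trailing "access to * by * none"

BASE = "dc=foo, dc=com"
PUBLIC = [(f"ou={ou}, {BASE}", [("*", "read")])
          for ou in ("misc", "sales", "it", "vendor")]
SALES_ONLY = (f"ou=vendor, {BASE}", [(f"ou=sales, {BASE}", "read")])

APPENDED = PUBLIC + [SALES_ONLY]      # restriction listed after the public rules
REPLACED = PUBLIC[:3] + [SALES_ONLY]  # restriction in place of the public vendor rule

# Constructed sample DNs ("" stands for an anonymous bind).
VENDOR = "cn=Acme Supplies,ou=vendor,dc=foo,dc=com"
SALES_USER = "cn=Pat,ou=sales,dc=foo,dc=com"
IT_USER = "cn=Lee,ou=it,dc=foo,dc=com"

if __name__ == "__main__":
    for name, rules in (("appended", APPENDED), ("replaced", REPLACED)):
        for who in ("", SALES_USER, IT_USER):
            print(f"{name:9} {who or 'anonymous':32} -> {access(rules, who, VENDOR)}")
```

In the model, a DN-based "by" clause only ever matches a client that has bound with a DN, and a bind in turn relies on the "by anonymous auth" access to userPassword shown in Gordon Messmer's reply.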