Re: ldap, access control and kerberos authentication

Mark Bixby (markb@spock.dis.cccd.edu)
Tue, 2 Apr 1996 14:12:15 -0800 (PST)

Art Mulder writes:
> I'd like to hear from anyone who has made use of access control in
> letting users update their entries. Can you provide me with some
> slapd.conf examples?

I'm not using Kerberos, but this is how I allow my users to update any
attribute in their own entry. The userPassword attribute is only visible
if you're authenticated as the entry (the "$^" hack is to catch anonymous
users, which for some reason don't match the preceding simple *).

    defaultaccess read

    access to attrs=userPassword
        by self write
        by * none
        by dn="^$" none

    access to *
        by self write

If you wanted some read-only attributes, just insert the following before the
"access to *":

    access to attrs=read-only-attrs
        by * read

-- 
Mark Bixby                      E-mail: markb@cccd.edu
Coast Community College Dist.   Web: http://www.cccd.edu/~markb/
District Information Services   1370 Adams Ave., Costa Mesa, CA, USA 92626-5429
Technical Support               +1 714 432-5865 x7064
"You can tune a file system, but you can't tune a fish." - tunefs(1M)
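
The same policy written in OpenLDAP 2.x slapd.conf syntax, as an added example that is not part of the original post. The attribute names in the read-only rule are placeholders, and the `by anonymous auth` clause is an addition that lets unauthenticated clients use userPassword for binding only.

```conf
# Added example: OpenLDAP 2.x slapd.conf ACLs (not from the original post).
# Rules are checked top to bottom; the first "access to" whose target matches
# is used, and within it the first matching "by" clause decides.

# Password: the owner may change it, anonymous clients may only bind
# against it, everyone else gets nothing.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# Read-only attributes (placeholder names): there is no "by self write",
# so even the owner only gets read access.
access to attrs=employeeNumber,departmentNumber
        by * read

# Everything else: the owner may write, all others may read. This explicit
# catch-all takes the place of "defaultaccess read".
access to *
        by self write
        by * read
```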