Problema ldap acl
La revisió el 00:28, 4 set 2012 per Secretaria (discussió | contribucions) (Es crea la pàgina amb «==== Valors per defecte de les ACL de LDAP ==== <pre> olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=example,d...».)
Valors per defecte de les ACL de LDAP
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=example,dc=com" write by * none olcAccess: {1}to dn.base="" by * read olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=com" write by * read
Què volem aconseguir?
Que diferents administradors tenguin accés a cada sub-arbre corresponent, i no donar accés a altres usuaris a les contrasenyes
Aproximació 1
olcAccess: {0}to dn.subtree="ou=gorgblau,dc=nigul,dc=coop" by self write by dn="cn=gorgblau,dc=nigul,dc=coop" write by * read olcAccess: {1}to dn.subtree="ou=matadejonc,dc=nigul,dc=coop" by self write by dn="cn=matadejonc,dc=nigul,dc=coop" write by * read olcAccess: {2}to dn.subtree="ou=lledoner,dc=nigul,dc=coop" by self write by dn="cn=lledoner,dc=nigul,dc=coop" write by * read olcAccess: {3}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=nigul,dc=coop" write by * none olcAccess: {4}to dn.base="" by * read olcAccess: {5}to * by self write by dn="cn=admin,dc=nigul,dc=coop" write by * read
Aproximació 2
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=nigul,dc=coop" write by * none olcAccess: {1}to dn.subtree="ou=gorgblau,dc=nigul,dc=coop" by self write by dn="cn=gorgblau,dc=nigul,dc=coop" write by * read olcAccess: {2}to dn.subtree="ou=matadejonc,dc=nigul,dc=coop" by self write by dn="cn=matadejonc,dc=nigul,dc=coop" write by * read olcAccess: {3}to dn.subtree="ou=lledoner,dc=nigul,dc=coop" by self write by dn="cn=lledoner,dc=nigul,dc=coop" write by * read olcAccess: {4}to dn.base="" by * read olcAccess: {5}to * by self write by dn="cn=admin,dc=nigul,dc=coop" write by * read