I have studied the examples in section 5.3 of the SLAPD/SLURPD
Admin manual and have tried access controls to the point where
I am very sad and frustrated, indeed. I have failed to get the access
control to work.
Could someone please give me some advice/help on this? I would be very
appreciative!!!
I'd like to restrict reading access on some (or all!) attributes to
folks within the ties.k12.mn.us domain. After trying many, many
permutations for days I have met with failure. Generally, I check access
by running ldapsearch to dump the entire database, and by running lynx from
a server outside of my domain to the web500gw port on the LDAP server.
Thanks very much for any help!!
Here's one version of what I've been trying:
slapd.conf:
include /usr/local/etc/slapd.at.conf
include /usr/local/etc/slapd.oc.conf
schemacheck on
referral ldap://ldap.itd.umich.edu
#######################################################################
# ldbm database definitions
#######################################################################
#
database ldbm
suffix "o=TIES,c=US"
directory /export/home/x.500/INCOMING
index cn,sn,title,manager,jpegPhoto,labeledURI
index telephoneNumber,facsimileTelephoneNumber
index businessCategory,mail,pager,responsibilities,info
rootdn "cn=sa,o=TIES,c=US"
rootpw tucked away
# Access rules
access to dn=".*,o=TIES,c=US" attr=telephoneNumber,title,labeledURI
        by dn=".*,o=TIES,c=US" read
        by domain=".ties.k12.mn.us" read
        by * none
#
Thanks,
Jeffrey Weiss
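
An added example, not part of the original message: a simplified Python model of how the access rule posted above would be evaluated, useful for checking the regexes offline against sample clients. It assumes slapd uses the first matching "by" line, matches regexes unanchored, and falls back to a default access of read when no "access to" clause covers the attribute; the hostnames, entry DN and the anchored pattern are constructed for illustration.

```python
import re

# The "access to" clause from the posted slapd.conf, as data.
RULE = {
    "to_dn": r".*,o=TIES,c=US",
    "attrs": {"telephonenumber", "title", "labeleduri"},
    "by": [("dn", r".*,o=TIES,c=US", "read"),
           ("domain", r".ties.k12.mn.us", "read"),
           ("*", None, "none")],
}
DEFAULT_ACCESS = "read"  # assumption: no defaultaccess line, so slapd's default applies


def access_for(entry_dn, attr, bind_dn, client_host, rule=RULE):
    """Access level the modelled clause gives one request (simplified model)."""
    # The clause applies only when both the entry DN and the attribute match.
    if attr.lower() not in rule["attrs"] or not re.search(rule["to_dn"], entry_dn, re.I):
        return DEFAULT_ACCESS
    # Inside the clause the first matching "by" line decides.
    for kind, pattern, level in rule["by"]:
        if kind == "*":
            return level
        subject = bind_dn if kind == "dn" else client_host
        # An anonymous bind ("") or an unresolved host (None) matches nothing.
        if subject and re.search(pattern, subject, re.I):
            return level
    return "none"


def with_domain(rule, pattern):
    """Copy of the rule with a different domain= regex."""
    by = [(k, pattern if k == "domain" else p, lvl) for k, p, lvl in rule["by"]]
    return {**rule, "by": by}


# Constructed variant: dots escaped and the pattern anchored at the end.
ANCHORED = with_domain(RULE, r".*\.ties\.k12\.mn\.us$")

if __name__ == "__main__":
    entry = "cn=Jane Doe,o=TIES,c=US"            # constructed entry
    hosts = ["lab1.ties.k12.mn.us",              # inside the domain
             "www.example.net",                  # outside
             "xties.k12.mn.us.example.net",      # lookalike name
             None]                               # no reverse DNS name
    for host in hosts:
        for attr in ("telephoneNumber", "mail"):
            print(host, attr, access_for(entry, attr, "", host),
                  access_for(entry, attr, "", host, ANCHORED))
```

In this model, mail comes back as read for every client because the posted clause does not list it, and the unanchored domain pattern also accepts the lookalike hostname.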