Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007 Installation Manual page 687


Tag        Scope of Access
compare    To objects for comparison access
search     For the employment of search filters
read       Read access
write      Write access

slapd compares the access right requested by the client with those granted in
slapd.conf. The client is granted access if the rules allow a higher or equal
right than the requested one. If the client requests higher rights than those declared
in the rules, it is denied access.

Example 36.5, "slapd.conf: Example for Access Control" (page 669) shows an example
of a simple access control that can be arbitrarily developed using regular expressions.

Example 36.5 slapd.conf: Example for Access Control

    # $1 is replaced by the ou name captured from the target DN.
    # "users" matches any authenticated client, "*" matches everyone.
    access to dn.regex="ou=([^,]+),dc=example,dc=com"
        by dn.regex="cn=Administrator,ou=$1,dc=example,dc=com" write
        by users read
        by * none

This rule declares that only its respective administrator has write access to an individual
ou entry. All other authenticated users have read access and the rest of the world has
no access.

TIP: Establishing Access Rules

If there is no access to rule or no matching by directive, access is denied.
Only explicitly declared access rights are granted. If no rules are declared at
all, the default principle is write access for the administrator and read access
for the rest of the world.

Find detailed information and an example configuration for LDAP access rights in the
online documentation of the installed openldap2 package.
LDAP—A Directory Service
669
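
The following Python model is an added example, not part of the manual or of the openldap2 package. It evaluates the rule from Example 36.5 to show the "higher or equal right" comparison, the $1 substitution, and the implicit denial when nothing matches. Assumptions: the function names and the `regex:` prefix are hypothetical, patterns are matched against the whole DN, the levels none and auth are added below compare, and the administrator's default write access is not modeled.

```python
import re

# Levels in increasing order. compare..write are the tags in the table above;
# none and auth are the two lower OpenLDAP levels.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# Example 36.5 as data: target DN pattern, then ordered (who, level) clauses.
RULES = [
    (r"ou=([^,]+),dc=example,dc=com", [
        ("regex:cn=Administrator,ou=$1,dc=example,dc=com", "write"),
        ("users", "read"),
        ("*", "none"),
    ]),
]

def _who_matches(who, client_dn, target_match):
    if who == "*":
        return True
    if client_dn is None:            # anonymous bind matches only "*"
        return False
    if who == "users":               # any authenticated client
        return True
    # dn.regex clause: substitute $1..$n with groups captured from the target.
    pattern = who[len("regex:"):]
    for i, group in enumerate(target_match.groups(), start=1):
        pattern = pattern.replace(f"${i}", re.escape(group))
    return re.fullmatch(pattern, client_dn, re.IGNORECASE) is not None

def granted_level(client_dn, target_dn, rules=RULES):
    """Return the level granted by the first matching rule and by clause."""
    if not rules:                    # no rules at all: read for everyone
        return "read"
    for target_re, clauses in rules:
        m = re.fullmatch(target_re, target_dn, re.IGNORECASE)
        if m is None:
            continue
        for who, level in clauses:
            if _who_matches(who, client_dn, m):
                return level
        return "none"                # rule matched, but no by clause did
    return "none"                    # no access to rule matched

def is_allowed(client_dn, target_dn, requested, rules=RULES):
    """Grant when the rules allow a level >= the requested one."""
    granted = granted_level(client_dn, target_dn, rules)
    return LEVELS.index(granted) >= LEVELS.index(requested)
```

Calling `is_allowed` with the Sales administrator's DN against `ou=Dev,dc=example,dc=com` shows that the write grant is scoped to the administrator's own ou, while search and read still succeed through the `users` clause.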
