Novell LINUX ENTERPRISE SERVER 10 SP2 - INSTALLATION AND ADMINISTRATION Installation Manual page 694

Tag
compare
search
read
write
slapd compares the access right requested by the client with those granted in
slapd.conf. The client is granted access if the rules allow a higher or equal
right than the requested one. If the client requests higher rights than those declared
in the rules, it is denied access.
Example 36.5, "slapd.conf: Example for Access Control" (page 676) shows an example
of a simple access control that can be arbitrarily developed using regular expressions.
Example 36.5 slapd.conf: Example for Access Control
access to
by dn.regex="cn=Administrator,ou=$1,dc=example,dc=com" write
by user read
by * none
This rule declares that only its respective administrator has write access to an individual
ou entry. All other authenticated users have read access and the rest of the world has
no access.
TIP: Establishing Access Rules
If there is no access to rule or no matching by directive, access is denied.
Only explicitly declared access rights are granted. If no rules are declared at
all, the default principle is write access for the administrator and read access
for the rest of the world.
Find detailed information and an example configuration for LDAP access rights in the
online documentation of the installed openldap2 package.
676 Installation and Administration
dn.regex="ou=([^,]+),dc=example,dc=com"
Scope of Access
To objects for comparison access
For the employment of search filters
Read access
Write access