ldap basic
Gordon Messmer
yinyang at eburg.com
Wed Feb 22 21:21:02 UTC 2006
Tony Heaton wrote:
>
> access to *
> by * read
> by dn.base="cn=Manager,dc=frop,dc=net" write
> by self write
> by anonymous auth
...
> rootdn "cn=Manager,dc=frop,dc=net"
Nitpicking: There's no real need to specify that the rootdn can write in
your ACIs. The rootdn can always write, regardless of ACIs.
Also, I'd avoid providing examples that would allow users to change
their own uidNumber value, and thereby become root. ;)
More information about the fedora-list
mailing list