FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora Directory

 
 
LinkBack Thread Tools
 
Old 10-03-2008, 07:23 PM
Ray Van Dolson
 
Default Letting users see a tree in the console.

Not a big LDAP guy, just trying to get a task done fairly quickly.

I want to give a user access to cn=OracleContext,dc=example,dc=com in
my Fedora DS setup (v1.0.4). I've created the user:

uid=ouser,ou=People,dc=example,dc=com

And set an ACI on cn=OracleContext,dc=example,dc=com:

(targetattr = "*")
(target = "ldap:///cn=OracleContext,dc=example,dc=com")
(version 3.0;
acl "OracleACI";
allow (all)
(userdn = "ldap:///uid=ouser,ou=People, dc=example,dc=com")


Just for giggles, I also set one on dc=example,dc=com as well:

(targetattr = "*") (target = "ldap:///dc=example, dc=com")
(version 3.0;acl "OracleACI";allow (all)
(userdn = "ldap:///uid=ouser,ou=People, dc=example,dc=com")

Via ldapsearch, this user can see everything I'd expect (at least under
the OracleContext container), but when I log in as the user to the java
console, the only objects I see available in the tree are schema,
monitor and config.

Why can't this user see the dc=example,dc=com tree? I don't see any
way to set ACI's at a higher level...

Thanks,
Ray

--
Fedora-directory-users mailing list
Fedora-directory-users@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-directory-users
 

Thread Tools




All times are GMT. The time now is 10:43 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org