
Re: How to restrict access to LDAP database



Hi, Michael!

> However, when I want to restrict only the sales staff who can access
> dn.children="ou=vendor, dc=foo, dc=com", the following rules fail to do so.
> access to dn="ou=vendor, dc=foo, dc=com" by dn="ou=sales, dc=foo,
> dc=com" read
> access to dn.children="ou=vendor, dc=foo, dc=com" by
> dn.children="ou=sales, dc=foo, dc=com" read

Maybe the following rules will work for you:

access to dn.children="ou=vendor,dc=foo,dc=com" 
	by dn.children="ou=sales, dc=foo, dc=com" read
	by * read
access to dn.children="ou=misc, dc=foo, dc=com" 
	by dn.children="ou=sales, dc=foo, dc=com" none
	by * read
access to dn.children="ou=sales, dc=foo, dc=com" 
	by dn.children="ou=sales, dc=foo, dc=com" none
	by * read
access to dn.children="ou=it, dc=foo, dc=com" 
	by dn.children="ou=sales, dc=foo, dc=com" none
	by * read


Have a look here for more examples of access restriction: 
http://www.openldap.org/doc/admin21/slapdconfig.html#Access%20Control

Greetz,

A. Sopicki
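The rules suggested in the message above can be checked offline with a small model of how slapd picks an ACL. This is an added example, not part of the original post and not OpenLDAP code; it assumes slapd's documented first-match evaluation with its implicit denies, and the uid=/cn= entries are constructed sample DNs.

```python
# Added example: simplified model of slapd ACL evaluation, not OpenLDAP code.
# Assumed semantics: first matching "access to" wins, then first matching "by";
# implicit "by * none" per directive, implicit "access to * by * none" at the end.

def norm(dn):
    """Normalize a DN for comparison (simplified: no escaped commas)."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def is_child(dn, base):
    """dn.children: entries strictly below base, at any depth."""
    return norm(dn).endswith("," + norm(base))

SALES = "ou=sales, dc=foo, dc=com"

# The rules from the reply: (target base, [(who base or "*", level), ...]).
RULES = [
    ("ou=vendor,dc=foo,dc=com", [(SALES, "read"), ("*", "read")]),
    ("ou=misc, dc=foo, dc=com", [(SALES, "none"), ("*", "read")]),
    ("ou=sales, dc=foo, dc=com", [(SALES, "none"), ("*", "read")]),
    ("ou=it, dc=foo, dc=com", [(SALES, "none"), ("*", "read")]),
]

def effective_access(requester, target, rules=RULES):
    """Access level for requester on target; requester "" means anonymous."""
    for what, by_clauses in rules:
        if not is_child(target, what):
            continue
        for who, level in by_clauses:
            if who == "*" or (requester and is_child(requester, who)):
                return level
        return "none"  # implicit "by * none" closing this directive
    return "none"      # implicit "access to * by * none" closing the list

def access_matrix(requesters, targets):
    """Effective access for every (requester, target) pair."""
    return {(r, t): effective_access(r, t) for r in requesters for t in targets}

if __name__ == "__main__":
    # Constructed sample identities and entries.
    users = ["uid=alice,ou=sales,dc=foo,dc=com", "uid=bob,ou=it,dc=foo,dc=com", ""]
    entries = ["cn=acme,ou=vendor,dc=foo,dc=com", "uid=bob,ou=it,dc=foo,dc=com",
               "ou=vendor,dc=foo,dc=com"]
    for (who, what), level in access_matrix(users, entries).items():
        print(f"{who or 'anonymous':35} -> {what:32} {level}")
```

In this model the container entries themselves (for example ou=vendor,dc=foo,dc=com) fall through to the implicit deny, because dn.children does not cover the base entry. OpenLDAP releases that ship the slapacl tool can answer the same question against a real configuration.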



