Yes, you are correct. When I use this access control

    access to dn="cn=Subschema" by * read
    access to dn.subtree="cn=Subschema" by * read

(don't know which one works, but one of them does)
and search Subschema locally as a user:

    ldapsearch -H "ldap://example.com" \
        -D 'cn=Ron,ou=Zimbra,dc=example,dc=com' -x -W \
        -b "cn=Subschema" -s base "objectclass=Subschema"

I get the expected results. However, when I click on the "Schema" tab
in the client I'm using, I get nothing. So, I need to find out what the
actual search being executed is and go from there.
Thank you for your assistance.
-ron
Aaron Richton wrote:
OpenLDAP test000-rootdse searches cn=Subschema as an anonymous user.
Maybe you could start there as your example?
I really doubt that anything "happens automatically"; that's not in
the protocol. If you turn on stats/stats2 debug level, you'll likely
see that your rootDN-configured client is executing some flavor of
search. If you're suspecting acl, you can turn on acl debug level.
On Tue, 17 Jul 2007, Ron Parker wrote:
> I don't know what I mean. I've searched the Internet for "access to
> schema" and can't seem to find an answer that works for what I'm
> trying to do.
>
> What I want to do is, when a user logs in, to allow the ldap client
> to read the schema for the server. This happens automatically when
> the rootdn logs in, but apparently I have to explicitly create access
> control for a user's client to read the schema.
>
> From the examples I've been able to locate and understand, I've tried
> the following:
>
> access to dn="cn=subschema" by * read
> access to dn.base="cn=Subschema" by * read
> access to dn.subtree="cn=Subschema" by * read
>
> but none appear to work. Apparently, I need another example of
> exactly what I'm trying to do, which I don't seem able to locate.
>
> Thanks!
>
> -ron
>
> Aaron Richton wrote:
>
>> Is this what you mean, or do you mean cn=Subschema? (And note that
>> that's not under "dc=example,dc=com." Search the list archive for
>> examples.)
>>
>> On Tue, 17 Jul 2007, Ron Parker wrote:
>>
>>> Now that I can log in as a user: How do I give a user access to
>>> schema? This is what I'm trying now (but not working):
>>>
>>> access to dn.subtree="cn=schema,dc=example,dc=com"
>>> by dn="cn=Ron,ou=Zimbra,dc=example,dc=com" read
>>>
>>> What am I missing? Thanks!
>>>
>>> -ron
>>>
>>> --
>>> Ron Parker
>>> Software Creations               http://www.scbbs.com
>>> Self-Administration Web Site     http://saw.scbbs.com
>>> SDSS Subscription Mgmt Service   http://sdss.scbbs.com
>>> Central Ave Dance Ensemble       http://www.centralavedance.com
>>> R & B Salsa                      http://www.randbsalsa.com
>>>
>>>
>>
__________ NOD32 2403 (20070717) Information __________
This message was checked by NOD32 antivirus system.
http://www.eset.com
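
Added example, not part of the original thread: one way to find "the actual search being executed" from slapd's log once the stats debug level suggested above is turned on. The log lines are constructed samples in slapd's stats format, and the function names are this example's own.

```python
import re

# Constructed slapd "stats"-level log lines (sample data, not from the thread).
SAMPLE_LOG = '''\
conn=1001 op=0 BIND dn="cn=Ron,ou=Zimbra,dc=example,dc=com" method=128
conn=1001 op=0 RESULT tag=97 err=0 text=
conn=1001 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
conn=1001 op=1 SRCH attr=subschemaSubentry
conn=1001 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=1001 op=2 SRCH base="cn=schema,dc=example,dc=com" scope=2 deref=0 filter="(objectClass=*)"
conn=1001 op=2 SEARCH RESULT tag=101 err=32 nentries=0 text=
conn=1002 op=0 BIND dn="" method=128
conn=1002 op=1 SRCH base="cn=Subschema" scope=0 deref=0 filter="(objectClass=subschema)"
conn=1002 op=1 SRCH attr=objectClasses attributeTypes
conn=1002 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
'''

CONN_OP = re.compile(r'conn=(\d+) op=(\d+) (.*)$')
BIND = re.compile(r'BIND dn="([^"]*)" method=')
SRCH = re.compile(r'SRCH base="([^"]*)" scope=(\d+) deref=\d+ filter="(.*)"$')
ATTR = re.compile(r'SRCH attr=(.*)$')
DONE = re.compile(r'SEARCH RESULT tag=101 err=(\d+) nentries=(\d+)')
SCOPES = {'0': 'base', '1': 'one', '2': 'sub', '3': 'children'}

def searches(log_text):
    """Return one dict per completed search: requester, request, outcome."""
    bind_dn, pending, done = {}, {}, []
    for line in log_text.splitlines():
        m = CONN_OP.search(line.rstrip())   # search(): tolerate a syslog prefix
        if not m:
            continue
        conn, op, rest = m.groups()
        if b := BIND.match(rest):
            bind_dn[conn] = b.group(1)      # DN requested in the bind; '' = anonymous
        elif s := SRCH.match(rest):
            pending[conn, op] = dict(conn=int(conn), bind_dn=bind_dn.get(conn, ''),
                                     base=s.group(1), scope=SCOPES.get(s.group(2), s.group(2)),
                                     filter=s.group(3), attrs=[])
        elif (a := ATTR.match(rest)) and (conn, op) in pending:
            pending[conn, op]['attrs'] = a.group(1).split()
        elif (d := DONE.match(rest)) and (conn, op) in pending:
            rec = pending.pop((conn, op))
            rec.update(err=int(d.group(1)), nentries=int(d.group(2)))
            done.append(rec)
    return done

def empty_searches(log_text):
    """Searches that returned no entries: the ones to compare against the ACLs."""
    return [s for s in searches(log_text) if s['nentries'] == 0]
```

Running `empty_searches()` over the log captured while clicking the client's "Schema" tab lists each search that came back empty, with the bind DN, base, scope, filter and requested attributes to reproduce with ldapsearch.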