On 01.08.24 at 16:42, pficheux@integra.fr wrote:
Hello Uwe,
Thanks for the answer.
So, if I understand correctly, until you are authenticated, you are considered anonymous, or sort of, by the LDAP, right?
You are either anonymous == unauthenticated or you are authenticated against an LDAP entry. (There are some other, special cases where you are authenticated against something else but that would get too far off track right now.)
And concerning the "by self write", in the example:
access to dn.children="dc=example,dc=com"
    by self write
    by group.exact="cn=Administrators,dc=example,dc=com" write
    by * auth
What is the purpose of this? An authenticated user can write his own entry with that?
Yes, exactly, given that the user's entry is below dc=example,dc=com. Usually that is used like
access to attrs=userPassword
    by self write
    by anonymous auth
to allow authentication and password changes.
Regards,
Gab.
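
An added example, not part of the original thread: a simplified Python model of how slapd picks a `by` clause for the two rules quoted above (first matching clause wins, and no match falls through to the implicit `by * none`). The user DNs and the group membership are constructed, and the target entry is assumed to lie below dc=example,dc=com.

```python
# Simplified model of slapd "by <who> <level>" matching (added example, not slapd code).
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]

ADMIN_GROUP = "cn=Administrators,dc=example,dc=com"
# Constructed sample identities; the thread names no users or group members.
ALICE = "uid=alice,ou=people,dc=example,dc=com"
BOB = "uid=bob,ou=people,dc=example,dc=com"
ADMIN = "uid=admin1,ou=people,dc=example,dc=com"
GROUP_MEMBERS = {ADMIN_GROUP: {ADMIN}}

# <who> clauses of the two rules from the thread, in their original order.
RULE_CHILDREN = [("self", "write"), ("group.exact=" + ADMIN_GROUP, "write"), ("*", "auth")]
RULE_PASSWORD = [("self", "write"), ("anonymous", "auth")]

def who_matches(who, bound_dn, target_dn):
    """bound_dn is None for an anonymous (unauthenticated) session."""
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if who == "self":
        return bound_dn is not None and bound_dn.lower() == target_dn.lower()
    if who.startswith("group.exact="):
        return bound_dn in GROUP_MEMBERS.get(who[len("group.exact="):], set())
    return False

def granted(rule, bound_dn, target_dn):
    """First matching <who> wins; no match means the implicit 'by * none'."""
    for who, level in rule:
        if who_matches(who, bound_dn, target_dn):
            return level
    return "none"

def allows(level, wanted):
    """Access levels are cumulative: write implies read, read implies auth, etc."""
    return LEVELS.index(level) >= LEVELS.index(wanted)

if __name__ == "__main__":
    for name, rule in (("dn.children rule", RULE_CHILDREN), ("userPassword rule", RULE_PASSWORD)):
        for label, dn in (("anonymous", None), ("alice", ALICE), ("bob", BOB), ("admin1", ADMIN)):
            print(f"{name}: {label} on alice's entry -> {granted(rule, dn, ALICE)}")
```

With the userPassword rule alone, another authenticated user (bob) falls through to `none`, while an anonymous session gets `auth`, which is what lets the bind compare the password without exposing it.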