--On Friday, January 22, 2010 8:28 AM +1100 Alex Samad alex@samad.com.au wrote:
On Thu, Jan 21, 2010 at 12:03:32PM +0100, Jonathan Clarke wrote:
On 01/20/2010 07:17 AM, Alex Samad wrote:
Hi
I was wonder were do I place acl for cn=Subschema as there doesn;t seems to be a db defined for it or is it the same as cn=schmea ?
Regardless of which database it is attached to, you can define any ACLs in the global section of the configuration file (before any database declarations).
I am using cn=config/dynamic config so I am not using any slapd.conf.
from my reading of slapd-config I gather this is not the same,
cause I can put it in olcDatabase=frontend,cn=config which is like a default and the man page seems to suggest that you put acl's with the db's they are mean to control (although now that I re read it, it seems like the acl's are all meant to be in the frontend db).
There are still global level ACLs that don't apply to a database. Like cn=subschema.
For example in my DB:
[root@freelancer cn=config]# grep olcA olcDatabase={-1}frontend.ldif olcAccess: {0}to * by dn.children="cn=admins,cn=zimbra" write by * +0 break olcAccess: {1}to dn.base="" by * read olcAccess: {2}to dn.base="cn=subschema" by * read
--Quanah
--
Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc -------------------- Zimbra :: the leader in open source messaging and collaboration