HELLO; i'm working on an Openldap project where im supposed to create groups and users and be able to work with phpldapadmin,I've done all of that. Now I want to modify access whereas ensaUser and estUser when logging in will be able to see only the branch they are in(and give that privilege to admin only)
I tried so many ACLs (using ldapmodify) but nothing seems to work,when I log in with one of the users I still can see the whole dataBase,I would appreciate some help.thank you
--On Friday, July 26, 2019 4:50 PM +0100 Meryem Fahim meryem.f97@gmail.com wrote:
HELLO; i'm working on an Openldap project where im supposed to create groups and users and be able to work with phpldapadmin,I've done all of that. Now I want to modify access whereas ensaUser and estUser when logging in will be able to see only the branch they are in(and give that privilege to admin only)
I tried so many ACLs (using ldapmodify) but nothing seems to work,when I log in with one of the users I still can see the whole dataBase,I would appreciate some help.thank you
As noted in the slapd.access man page, ACLs are evaluated in order. So if your first ACL is
access to * by * read
then no further ACLs will be evaluated.
I would generally suggest if you want help debugging ACLs that you *provide* your current set of ACLs to be examined.
I would also note it's generally a very bad idea to use PHPLdapadmin, as it's poorly written.
Regards, Quanah
--
Quanah Gibson-Mount Product Architect Symas Corporation Packaged, certified, and supported LDAP solutions powered by OpenLDAP: http://www.symas.com
openldap-technical@openldap.org
-
Meryem Fahim -
Quanah Gibson-Mount