“main” (Installation and Administration) — 2004/6/25 — 13:29 — page 484 — #510
Table 21.10: User Groups and Their Access Grants

Tag                 Scope
*                   all users without exception
anonymous           not authenticated (“anonymous”) users
users               authenticated users
self                users connected with the target object
dn.regex=<regex>    all users matching the regular expression

<access> specifies the type of access. Use the options listed in Table 21.11.

Table 21.11: Types of Access

Tag        Scope of Access
none       no access
auth       for contacting the server
compare    to objects for comparison access
search     for the employment of search filters
read       read access
write      write access

slapd compares the access right requested by the client with those granted in slapd.conf. The client is granted access if the rules allow a right equal to or higher than the one requested. If the client requests higher rights than those declared in the rules, it is denied access.

Example 21.21 shows a simple access control rule that can be extended arbitrarily using regular expressions.

Example 21.21: slapd.conf: Example for Access Control
access to dn.regex="ou=([^,]+),dc=suse,dc=de"
    by dn.regex="cn=administrator,ou=$1,dc=suse,dc=de" write
    by users read
    by * none
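
The level comparison described above and the rule of Example 21.21 can be traced with a small model. This is an added example, not code from the guide or from OpenLDAP: the names granted_level, allowed and BY_ANCHORED and the sample DNs are constructed for illustration. It assumes already-normalized DNs, first-match evaluation of the "by" clauses, and unanchored regex search (as with POSIX regular expressions), and it places an anchored variant of the administrator pattern beside the original.

```python
import re

# Access levels from Table 21.11, lowest to highest.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# Target pattern and "by" clauses of Example 21.21.
TARGET = r"ou=([^,]+),dc=suse,dc=de"
BY = [
    ("dn.regex", r"cn=administrator,ou=$1,dc=suse,dc=de", "write"),
    ("users", None, "read"),
    ("*", None, "none"),
]
# Hypothetical hardened variant: the administrator pattern is anchored.
BY_ANCHORED = [("dn.regex", r"^cn=administrator,ou=$1,dc=suse,dc=de$", "write")] + BY[1:]


def granted_level(target_dn, client_dn, by=BY):
    """Level granted by the first matching "by" clause ("" = anonymous client)."""
    target = re.search(TARGET, target_dn, re.IGNORECASE)
    if target is None:
        return "none"  # model choice: entries outside the rule get no access
    for who, pattern, level in by:
        if who == "*":
            return level
        if who == "users" and client_dn:
            return level
        if who == "dn.regex" and client_dn:
            # $1 becomes the ou captured from the target DN; it is escaped
            # so that this model matches it literally.
            expanded = pattern.replace("$1", re.escape(target.group(1)))
            if re.search(expanded, client_dn, re.IGNORECASE):  # unanchored search
                return level
    return "none"


def allowed(target_dn, client_dn, requested, by=BY):
    """True if the granted level is equal to or higher than the requested one."""
    granted = granted_level(target_dn, client_dn, by)
    return LEVELS.index(granted) >= LEVELS.index(requested)


if __name__ == "__main__":
    entry = "cn=printer1,ou=sales,dc=suse,dc=de"          # constructed DNs
    nested = "uid=tux,cn=administrator,ou=sales,dc=suse,dc=de"
    print(granted_level(entry, "cn=administrator,ou=sales,dc=suse,dc=de"))  # write
    print(granted_level(entry, "cn=administrator,ou=dev,dc=suse,dc=de"))    # read
    print(granted_level(entry, nested), granted_level(entry, nested, BY_ANCHORED))
```

In this model the unanchored search is why the constructed DN nested below the administrator entry is granted write under BY; with the pattern anchored by ^ and $, as in BY_ANCHORED, it falls through to the users clause and gets read.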
484 21.8. LDAP — A Directory Service










