ldap:openldap [2018/08/01 11:05] niziakldap:openldap [2018/08/01 12:05] (current) niziak
Line 26:
     * **BaseDN: 'cn=config'** - use [[http://directory.apache.org/studio/|Apache Directory Studio]] to connect
  
 +===== ACL =====
  
 +[[https://www.openldap.org/doc/admin24/access-control.html]]
 +
 +Order matters in ACL rules. LDAP will stop looking on the first match. So new acl entries should be inserted before default ones.
 +
 +Default entries:
 +<code>
 +olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by dn="cn=admin,dc=example,dc=org" write by anonymous auth by * none
 +olcAccess: {1}to * by self read by dn="cn=admin,dc=example,dc=org" write by * none
 +</code>
 +  * olcAccess: {0}to attrs=userPassword,shadowLastChange
 +    * by self write 
 +    * by dn="cn=admin,dc=example,dc=org" write 
 +    * by anonymous auth 
 +    * by * none
 +  * olcAccess: {1}to * 
 +    * by self read 
 +    * by dn="cn=admin,dc=example,dc=org" write 
 +    * by * none
 +
 +
 +
 +Giving user: **uid=nextcloudsystemuser,ou=it,dc=grinn-global,dc=com** rights:
 +  * Entry to edit: **olcDatabase={1}mdb,cn=config**
 +  * Attribute to add: **olcAccess**
 +  * to by dn.exact="uid=nextcloudsystemuser,ou=it,dc=grinn-global,dc=com" read
 +
 +
 +==== Examples ====
 +
 +
 +<code>olcAccess: {1}to dn.base="" by * read</code>
 +
 +  * Give user access to modify photo: <code>olcAccess: to attrs=jpegPhoto by self write by * read</codE>
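Review bot: the olcAccess value on the `to by dn.exact="uid=nextcloudsystemuser,ou=it,dc=grinn-global,dc=com" read` line has no target between `to` and `by`, so slapd will reject it; it needs a target such as `to *` (or a narrower `to dn.subtree="..."` / `to attrs=...`) before the `by` clause. It also carries no ordinal, and by the section's own rule that evaluation stops at the first matching `to` clause, a value appended after `{1}to * ... by * none` is never reached for the entries `{1}` already covers; writing it as `{1}to * by dn.exact="..." read` inserts it ahead of the existing `{1}to *` (which then becomes `{2}`). The same ordering point applies to the jpegPhoto example, which is shown without an ordinal and would likewise have to sit before the catch-all `to *` rule to take effect. Also, the closing tag on the last line is `</codE>`; it should be `</code>` to match the opening tag.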