Thread: Access to Schema




Access to Schema
2007-07-17 02:25:22
Now that I can log in as a user: How do I give a user access to schema?
This is what I'm trying now (but not working):

access to dn.subtree="cn=schema,dc=example,dc=com"
        by dn="cn=Ron,ou=Zimbra,dc=example,dc=com" read

What am I missing?  Thanks!

-ron

-- 
Ron Parker
Software Creations               http://www.scbbs.com
Self-Administration Web Site     http://saw.scbbs.com
SDSS Subscription Mgmt Service   http://sdss.scbbs.com
Central Ave Dance Ensemble       http://www.centralavedance.com
R & B Salsa                      http://www.randbsalsa.com


Re: Access to Schema
2007-07-17 06:53:28
Is this what you mean, or do you mean cn=Subschema? (And note that that's
not under "dc=example,dc=com." Search the list archive for examples.)

On Tue, 17 Jul 2007, Ron Parker wrote:

> Now that I can log in as a user: How do I give a user access to schema?
> This is what I'm trying now (but not working):
>
> access to dn.subtree="cn=schema,dc=example,dc=com"
>       by dn="cn=Ron,ou=Zimbra,dc=example,dc=com" read
>
> What am I missing?  Thanks!
>
> -ron

Re: Access to Schema
2007-07-17 14:41:51
OpenLDAP test000-rootdse searches cn=Subschema as an anonymous user. Maybe
you could start there as your example?

I really doubt that anything "happens automatically"; that's not in the
protocol. If you turn on stats/stats2 debug level, you'll likely see that
your rootDN-configured client is executing some flavor of search. If
you're suspecting acl, you can turn on acl debug level.

On Tue, 17 Jul 2007, Ron Parker wrote:

> I don't know what I mean.  I've searched the Internet for "access to schema"
> and can't seem to find an answer that works for what I'm trying to do.
>
> What I want to do is, when a user logs in, to allow the ldap client to read
> the schema for the server.  This happens automatically when the rootdn logs
> in, but apparently I have to explicitly create access control for a user's
> client to read the schema.
>
> From the examples I've been able to locate and understand, I've tried the
> following:
>
> access to dn="cn=subschema" by * read
> access to dn.base="cn=Subschema" by * read
> access to dn.subtree="cn=Subschema" by * read
>
> but none appear to work.  Apparently, I need another example of exactly what
> I'm trying to do, which I don't seem able to locate.
>
> Thanks!
>
> -ron
>
> Aaron Richton wrote:
>
>> Is this what you mean, or do you mean cn=Subschema? (And note that that's
>> not under "dc=example,dc=com." Search the list archive for examples.)
>>
>> On Tue, 17 Jul 2007, Ron Parker wrote:
>>
>>> Now that I can log in as a user: How do I give a user access to schema?
>>> This is what I'm trying now (but not working):
>>>
>>> access to dn.subtree="cn=schema,dc=example,dc=com"
>>>       by dn="cn=Ron,ou=Zimbra,dc=example,dc=com" read
>>>
>>> What am I missing?  Thanks!
>>>
>>> -ron

Re: Access to Schema
2007-07-17 13:54:43
I don't know what I mean.  I've searched the Internet for "access to
schema" and can't seem to find an answer that works for what I'm trying
to do.

What I want to do is, when a user logs in, to allow the ldap client to
read the schema for the server.  This happens automatically when the
rootdn logs in, but apparently I have to explicitly create access control
for a user's client to read the schema.

From the examples I've been able to locate and understand, I've tried
the following:

access to dn="cn=subschema" by * read
access to dn.base="cn=Subschema" by * read
access to dn.subtree="cn=Subschema" by * read

but none appear to work.  Apparently, I need another example of exactly
what I'm trying to do, which I don't seem able to locate.

Thanks!

-ron

Aaron Richton wrote:

> Is this what you mean, or do you mean cn=Subschema? (And note that
> that's not under "dc=example,dc=com." Search the list archive for
> examples.)
>
> On Tue, 17 Jul 2007, Ron Parker wrote:
>
>> Now that I can log in as a user: How do I give a user access to
>> schema? This is what I'm trying now (but not working):
>>
>> access to dn.subtree="cn=schema,dc=example,dc=com"
>>       by dn="cn=Ron,ou=Zimbra,dc=example,dc=com" read
>>
>> What am I missing?  Thanks!
>>
>> -ron


-- 
Ron Parker
Software Creations               http://www.scbbs.com
Self-Administration Web Site     http://saw.scbbs.com
SDSS Subscription Mgmt Service   http://sdss.scbbs.com
Central Ave Dance Ensemble       http://www.centralavedance.com
R & B Salsa                      http://www.randbsalsa.com


Re: Access to Schema
2007-07-17 15:30:15
Yes, you are correct.  When I use this access control

access to dn="cn=Subschema" by * read
access to dn.subtree="cn=Subschema" by * read
(don't know which one works, but one of them does)

and search Subschema locally as a user:

ldapsearch -H "ldap://example.com" -D 'cn=Ron,ou=Zimbra,dc=example,dc=com' \
    -x -W -b "cn=Subschema" -s base "objectclass=Subschema"

I get the expected results.  However, when I click on the "Schema" tab
in the client I'm using, I get nothing.  So, I need to find out what the
actual search being executed is and go from there.

Thank you for your assistance.

-ron

Aaron Richton wrote:

> OpenLDAP test000-rootdse searches cn=Subschema as an anonymous user.
> Maybe you could start there as your example?
>
> I really doubt that anything "happens automatically"; that's not in
> the protocol. If you turn on stats/stats2 debug level, you'll likely
> see that your rootDN-configured client is executing some flavor of
> search. If you're suspecting acl, you can turn on acl debug level.
>
> On Tue, 17 Jul 2007, Ron Parker wrote:
>
>> I don't know what I mean.  I've searched the Internet for "access to
>> schema" and can't seem to find an answer that works for what I'm
>> trying to do.
>>
>> What I want to do is, when a user logs in, to allow the ldap client
>> to read the schema for the server.  This happens automatically when
>> the rootdn logs in, but apparently I have to explicitly create access
>> control for a user's client to read the schema.
>>
>> From the examples I've been able to locate and understand, I've tried
>> the following:
>>
>> access to dn="cn=subschema" by * read
>> access to dn.base="cn=Subschema" by * read
>> access to dn.subtree="cn=Subschema" by * read
>>
>> but none appear to work.  Apparently, I need another example of
>> exactly what I'm trying to do, which I don't seem able to locate.
>>
>> Thanks!
>>
>> -ron
>>
>> Aaron Richton wrote:
>>
>>> Is this what you mean, or do you mean cn=Subschema? (And note that
>>> that's not under "dc=example,dc=com." Search the list archive for
>>> examples.)
>>>
>>> On Tue, 17 Jul 2007, Ron Parker wrote:
>>>
>>>> Now that I can log in as a user: How do I give a user access to
>>>> schema? This is what I'm trying now (but not working):
>>>>
>>>> access to dn.subtree="cn=schema,dc=example,dc=com"
>>>>       by dn="cn=Ron,ou=Zimbra,dc=example,dc=com" read
>>>>
>>>> What am I missing?  Thanks!
>>>>
>>>> -ron


-- 
Ron Parker
Software Creations               http://www.scbbs.com
Self-Administration Web Site     http://saw.scbbs.com
SDSS Subscription Mgmt Service   http://sdss.scbbs.com
Central Ave Dance Ensemble       http://www.centralavedance.com
R & B Salsa                      http://www.randbsalsa.com
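
Following the stats-level suggestion in the thread, an added example (not part of any post above and not OpenLDAP project code) that extracts each search a client issues from slapd's stats log and pairs it with the bind DN and the result count. The log lines are constructed sample data, and `parse_searches` and `empty_or_failed` are hypothetical helper names.

```python
import re

# Constructed sample of slapd stats-level log output (not from the thread).
SAMPLE_LOG = '''\
conn=1001 fd=14 ACCEPT from IP=192.0.2.10:40112 (IP=0.0.0.0:389)
conn=1001 op=0 BIND dn="cn=Ron,ou=Zimbra,dc=example,dc=com" method=128
conn=1001 op=0 RESULT tag=97 err=0 text=
conn=1001 op=1 SRCH base="" scope=0 deref=0 filter="(objectClass=*)"
conn=1001 op=1 SRCH attr=subschemaSubentry
conn=1001 op=1 SEARCH RESULT tag=101 err=0 nentries=0 text=
conn=1001 op=2 SRCH base="cn=Subschema" scope=0 deref=0 filter="(objectClass=subschema)"
conn=1001 op=2 SRCH attr=objectClasses attributeTypes
conn=1001 op=2 SEARCH RESULT tag=101 err=0 nentries=1 text=
conn=1001 op=3 UNBIND
'''

LINE = re.compile(r'conn=(\d+) op=(\d+) (BIND|SRCH|SEARCH RESULT) (.*)')
FIELD = re.compile(r'(\w+)=("[^"]*"|\S*)')
SCOPES = {"0": "base", "1": "one", "2": "sub", "3": "children"}

def parse_searches(log_text):
    """Return one record per search operation, tagged with the bind DN in effect."""
    bind_dn, ops = {}, {}      # conn -> DN ; (conn, op) -> record, in log order
    for line in log_text.splitlines():
        m = LINE.search(line)  # search(), so a syslog prefix before conn= is fine
        if not m:
            continue
        conn, op, kind, rest = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD.findall(rest)}
        if kind == "BIND" and "dn" in fields:
            bind_dn[conn] = fields["dn"]
        elif kind == "SRCH":
            rec = ops.setdefault((conn, op), {"bind_dn": bind_dn.get(conn, ""), "attrs": []})
            if rest.startswith("attr="):      # second SRCH line: requested attributes
                rec["attrs"] = rest[len("attr="):].split()
            else:                             # first SRCH line: base, scope, filter
                rec.update(base=fields["base"], filter=fields["filter"],
                           scope=SCOPES.get(fields["scope"], fields["scope"]))
        elif kind == "SEARCH RESULT" and (conn, op) in ops:
            ops[(conn, op)].update(err=int(fields["err"]), nentries=int(fields["nentries"]))
    return list(ops.values())

def empty_or_failed(searches):
    """Searches that returned an error or no entries: the ones to check against the ACLs."""
    return [s for s in searches if s.get("err") != 0 or s.get("nentries") == 0]

if __name__ == "__main__":
    for s in empty_or_failed(parse_searches(SAMPLE_LOG)):
        print(f'{s["bind_dn"]!r} base={s["base"]!r} scope={s["scope"]} '
              f'filter={s["filter"]} attrs={s["attrs"]} -> nentries={s.get("nentries")}')
```

Run against a real stats log, the flagged records give the exact base, scope, filter and attribute list to reproduce with ldapsearch under the same bind DN.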

