Ron Parker wrote:
> From the examples I've been able to locate and
understand, I've tried
> the following:
>
> access to dn="cn=subschema" by * read
> access to dn.base="cn=Subschema" by * read
> access to dn.subtree="cn=Subschema" by *
read
>
> but none appear to work. Apparently, I need another
example of exactly
> what I'm trying to do, which I don't seem able to
locate.
A snippet from my slapd.conf:
#-----------------------------------------------------------
----------
# Allow anyone to look at the Schema and SubSchema
access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read
#-----------------------------------------------------------
----------
This works for us in terms of letting anyone look up the
schemas (tested with
'gq' on a linux workstation, doing an anonymous bind.)
Gregory
--
Gregory K. Ruiz-Ade
Sr. Systems Administrator
Computer Science and Engineering
University of California, San Diego
Office: EBU3b 1216
Phone: (858) 822-2625
E-mail: gkra cs.ucsd.edu
|
