[nssldap] acl for libnss attributes

[Date Prev][Date Next] [Thread Prev][Thread Next]

From: Alex Samad <alex [at] samad.com.au>
To: nssldap [at] padl.com
Subject: [nssldap] acl for libnss attributes
Date: Sun, 28 Jan 2007 21:34:00 +1100

Hi

is there  FAQ which outlines the sort of access that is needed for libnss to
the directory attributes.

i have something that looks like this 

access to attrs=userPassword
        by dn.exact="cn=libnss-ldap" read
        by self write
        by anonymous auth
        by * none

# Used to limit where userid's are visible
access to attrs=host
        by dn.exact="cn=libnss-ldap" read
        by * search

# unix account information System only
access to attrs=shadowMax,shadowWarning,shadowFlag,shadowLastChange
        by dn.exact="cn=libnss-ldap" read
        by * none

# unix account information user readable
access to attrs=loginShell,homeDirectory,uidNumber,gidNumber
        by dn.exact="cn=libnss-ldap" read
        by self read
        by * none



It seems to work, but I am not sure if something is silently failing

Alex

[nssldap] acl for libnss attributes, Alex Samad

Prev by Date: [nssldap] nss_ldap - filter for nss_base_passwd not functional
Next by Date: Re: [nssldap] nss_ldap - filter for nss_base_passwd not functional
Previous by thread: Re: [nssldap] nss_ldap - filter for nss_base_passwd not functional
Next by thread: [nssldap] nss_ldap on SLES 10