directory-users mailing list archives

From Kevin Hamilton <khamil...@umem.org>
Subject Re: [ApacheDS] Re: Access Restriction
Date Thu, 03 Nov 2011 18:13:55 GMT
Hello Oliver and Company,

I had successfully enabled the accessControl. My issue now is that I
am using another superuser I created (I called it admin2) to modify my
users. Now, I am no longer able to modify my users because he does not have
access.

I read about Prescriptive ACIs, but the lack of examples left me kind
of stumped. How can I grant all access to admin2 only, or something
with the dn=uid=admin,ou=system?

Thanks,
Kevin

On Wed, Nov 2, 2011 at 2:04 PM, Oliver Schmidt
<oliver.schmidt.wue@arcor.de> wrote:
> On Wed, 02 Nov 2011 13:59:25 +0100, Kevin Hamilton <khamilton@umem.org>
> wrote:
>
>> Hello everyone,
>>
>> My name is Kevin and I am writing to ask a question about access to
>> ApacheDS 2.0.0-M2. Currently I have a bunch of users set up and the
>> apacheds is used to authenticate the users on my website. My question
>> is about accessing the apacheds. On my Apache Directory Studio, I can
>> login as admin and see everything. The problem is that I can also log
>> in as any other user in the database and I can see other users'
>> information. Not sure if I am being clear.
>>
>> If someone has their own username and password and also the port and
>> address of my server, they can login (using Apache Directory Studio or
>> any other client) and see all of the records. Obviously the passwords
>> are hashed, but it is still a liability for the users to be able to
>> see e-mails/etc of other users.
>>
>> Is there any way to limit the information that certain users can see
>> (i.e., they could login, but not see any records)?
>>
>> Please let me know soon.
>>
>> Thanks,
>> Kevin
>
>
> Hi Kevin,
>
> I'm moving this topic to the users list...
>
> There's a chapter about this topic in the doco. Please see the User Guides
> on the topic "authorization".
>
> Depending on what you intend to allow/disallow your users to see in your
> directory, you might also need to write some ACIs. If you want, I can assist
> you setting this up.
>
> Please note that the documentation still mentions the server.xml file. This
> file is however obsolete in version 2.0. Instead, config is done directly in
> the server. You can alter the configuration using the Directory Studio. Just
> look under the ou=config node.
>
> Kind regards
> Oliver
>



-- 
Thanks,
Kevin
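
A prescriptive ACI of the kind asked about above, as an added example that is not part of the original thread or the ApacheDS documentation. It grants one administrative user full access to every entry in a partition; the suffix dc=example,dc=com, the DN uid=admin2,ou=users,dc=example,dc=com and the subentry name admin2FullAccess are placeholders, since the real values are not given in the message.

```ldif
# Constructed example: dc=example,dc=com stands in for the real partition
# suffix and uid=admin2,ou=users,dc=example,dc=com for the real DN of admin2.

# 1. Mark the partition root as an access control specific area, so that
#    access control subentries placed under it are evaluated.
#    Skip this record if the value is already present on the entry.
dn: dc=example,dc=com
changetype: modify
add: administrativeRole
administrativeRole: accessControlSpecificArea
-

# 2. Add an access control subentry under that root.
#    subtreeSpecification "{ }" selects the whole area.
#    userClasses names exactly one DN, so no other user gains anything.
#    authenticationLevel simple matches a user who binds with a password.
#    Long values are folded with LDIF continuation lines (leading space).
dn: cn=admin2FullAccess,dc=example,dc=com
changetype: add
objectClass: top
objectClass: subentry
objectClass: accessControlSubentry
cn: admin2FullAccess
subtreeSpecification: { }
prescriptiveACI: { identificationTag "admin2FullAccess", precedence 0,
  authenticationLevel simple, itemOrUserFirst userFirst: { userClasses {
  name { "uid=admin2,ou=users,dc=example,dc=com" } }, userPermissions { {
  protectedItems { entry, allUserAttributeTypesAndValues },
  grantsAndDenials { grantAdd, grantDiscloseOnError, grantRead, grantRemove,
  grantBrowse, grantExport, grantImport, grantModify, grantRename,
  grantReturnDN, grantCompare, grantFilterMatch, grantInvoke } } } } }
```

With accessControl enabled and no other ACI present, ordinary users who bind successfully are granted nothing by this subentry, which is the default-deny behaviour the original question was after.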
