LDAP Access Control

Access to slapd entries and attributes is controlled by the
olcAccess attribute, whose values are a sequence of access directives.
The general form of the olcAccess configuration is:
        olcAccess:
         ::= to
                [by  [] [] ]+
         ::= * |
                [dn[.]= | dn.=]
                [filter=] [attrs=]
         ::= regex | exact
         ::= base | one | subtree | children
         ::=  [val[.]=] |  ,
         ::=  | entry | children
         ::= * | [anonymous | users | self
                        | dn[.]= | dn.=]
                [dnattr=]
                [group[/[/][.]]=]
                [peername[.]=]
                [sockname[.]=]
                [domain[.]=]
                [sockurl[.]=]
                [set=]
                [aci=]
         ::= [self]{|}
         ::= none | disclose | auth | compare | search | read | write | manage
         ::= {=|+|-}{m|w|r|s|c|x|d|0}+
         ::= [stop | continue | break]
where the  part selects the entries and/or attributes to which the access applies, the  part specifies which entities are granted access, and the  part specifies the access granted. Multiple   
triplets are supported, allowing many entities to be granted different
access to the same set of entries and attributes. Not all of these
access control options are described here; for more details see the slapd.access(5) man page.
5.3.1. What to control access to
The  part of an access specification determines the
entries and attributes to which the access control applies. Entries are
commonly selected in two ways: by DN and by filter. The following
qualifiers select entries by DN:
        to *
        to dn[.]=
        to dn.=

标签：

版权申明：本站文章部分自网络，如有侵权，请联系：west999com@outlook.com
特别注意：本站所有转载文章言论不代表本站观点，本站所提供的摄影照片，插画，设计作品，如需使用，请与原作者联系，版权归原作者所有