X-Git-Url: https://git.sur5r.net/?a=blobdiff_plain;f=doc%2Fguide%2Fadmin%2Faccess-control.sdf;h=2f50374974c5a48cc7e4297eab1f1135137f85ff;hb=59e9ff6243465640956b58ad1756a3ede53eca7c;hp=f0c9044aca664bafadf6323e71e188b71b4ac72a;hpb=a23fc2fd947fa86b240732d5421e82528e42509e;p=openldap diff --git a/doc/guide/admin/access-control.sdf b/doc/guide/admin/access-control.sdf index f0c9044aca..2f50374974 100644 --- a/doc/guide/admin/access-control.sdf +++ b/doc/guide/admin/access-control.sdf @@ -1,5 +1,5 @@ # $OpenLDAP$ -# Copyright 1999-2015 The OpenLDAP Foundation, All Rights Reserved. +# Copyright 1999-2018 The OpenLDAP Foundation, All Rights Reserved. # COPYING RESTRICTIONS APPLY, see COPYRIGHT. H1: Access Control @@ -271,7 +271,7 @@ This access directive grants read access to everyone. > by * read This directive allows the user to modify their entry, allows anonymous -to authentication against these entries, and allows all others to +to authenticate against these entries, and allows all others to read these entries. Note that only the first {{EX:by }} clause which matches applies. Hence, the anonymous users are granted {{EX:auth}}, not {{EX:read}}. The last clause could just as well @@ -781,7 +781,7 @@ H3: Basic ACLs Generally one should start with some basic ACLs such as: -> access to attr=userPassword +> access to attrs=userPassword > by self =xw > by anonymous auth > by * none @@ -1228,7 +1228,7 @@ With sets, however, it's also possible to use simple names in group ACLs, as thi show. Let's say we want to allow members of the {{F:sudoadm}} group to write to the -{{F:ou=suders}} branch of our tree. But our group definition now is using {{F:memberUid}} for +{{F:ou=sudoers}} branch of our tree. But our group definition now is using {{F:memberUid}} for the group members: > dn: cn=sudoadm,ou=group,dc=example,dc=com