# $OpenLDAP$
-# Copyright 1999-2016 The OpenLDAP Foundation, All Rights Reserved.
+# Copyright 1999-2018 The OpenLDAP Foundation, All Rights Reserved.
# COPYING RESTRICTIONS APPLY, see COPYRIGHT.
H1: Access Control
> by * read
This directive allows the user to modify their entry, allows anonymous
-to authentication against these entries, and allows all others to
+to authenticate against these entries, and allows all others to
read these entries. Note that only the first {{EX:by <who>}} clause
which matches applies. Hence, the anonymous users are granted
{{EX:auth}}, not {{EX:read}}. The last clause could just as well
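Review bot: the corrected `+` line still uses "anonymous" as a bare noun ("allows anonymous to authenticate against these entries"), while the next sentence in the same paragraph says "the anonymous users". Suggest "allows anonymous users to authenticate against these entries" so the two sentences agree. Since the paragraph's point is that anonymous clients end up with {{EX:auth}} and not {{EX:read}}, it would also help to state here that {{EX:auth}} permits binding against the entry without being able to read it.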
Generally one should start with some basic ACLs such as:
-> access to attr=userPassword
+> access to attrs=userPassword
> by self =xw
> by anonymous auth
> by * none
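Review bot: check the rest of this file for other `access to attr=` selectors before merging. The `+` line here corrects only the `userPassword` rule, and because the text introduces it as a basic ACL to start from, any remaining `attr=` spelling in later examples would be copied into configurations the same way.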
show.
Let's say we want to allow members of the {{F:sudoadm}} group to write to the
-{{F:ou=suders}} branch of our tree. But our group definition now is using {{F:memberUid}} for
+{{F:ou=sudoers}} branch of our tree. But our group definition now is using {{F:memberUid}} for
the group members:
> dn: cn=sudoadm,ou=group,dc=example,dc=com
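Review bot: the context sentence following the corrected `{{F:ou=sudoers}}` line, "But our group definition now is using {{F:memberUid}} for the group members", reads awkwardly; while this paragraph is being touched, consider "But our group definition currently uses {{F:memberUid}} for the group members". Please also confirm that the ACL shown later in this example names the branch with the same `ou=sudoers` spelling, since the prose and the rule need to refer to the same subtree.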