Topic 7

Date: 3/1/2017
Lightweight Directory Access Protocol (LDAP)
Linux System Administration

Access Control List

  • If no access directives are specified, the default access control policy allows read access to all clients. The rootdn always has full access to the database.
  • An ACL defines what in the LDAP database can be accessed, by whom, and with what level of access:
    access to <what> by <who> <access level>
      <what>          directory tree level, or objectclass / attribute
      <who>           LDAP user specifier
      <access level>  none, auth, compare, search, read, write

  • Example of the ACL in slapd.conf:
    # lock down passwords
    access to attr=userPassword
           by self write
           by anonymous auth
           by dn="cn=Manager,dc=example,dc=com"  write
    # everything else is read-only
    access to *
           by dn="cn=Manager,dc=example,dc=com"  write
           by * read

  • Every access directive ends with an implicit final clause, so a requester that matches none of the listed by clauses gets no access:
    by * none
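As an added example (not part of the lecture slides), a small Python model of these evaluation rules, run against the slapd.conf ACL above. It assumes only the simplified <who> forms the slide uses (self, anonymous, *, and an exact dn="...") and OpenLDAP's ordered, cumulative access levels; it shows that an anonymous client may bind against userPassword (auth) but not read it, and that any other user falls through to the implicit by * none.

```python
# Added example (not from the lecture): a Python model of how slapd applies
# the slide's ACL. Assumes <who> is self/anonymous/*/dn="<exact dn>" and
# cumulative, ordered levels (none < auth < compare < search < read < write).
import re

LEVELS = ["none", "auth", "compare", "search", "read", "write"]
SLAPD_ACL = """
access to attr=userPassword
       by self write
       by anonymous auth
       by dn="cn=Manager,dc=example,dc=com"  write
access to *
       by dn="cn=Manager,dc=example,dc=com"  write
       by * read
"""

def parse_acl(text):
    """Return [(what, [(who, level), ...]), ...] in file order."""
    rules = []
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("access to "):
            rules.append((line[10:].strip(), []))
        elif line.startswith("by "):
            who, level = re.match(r"by\s+(\S+)\s+(\w+)$", line).groups()
            rules[-1][1].append((who, level))
    return rules

def who_matches(who, requester, target_dn):
    # requester is None for an anonymous (unauthenticated) client
    if who == "*":
        return True
    if who == "anonymous":
        return requester is None
    if who == "self":
        return requester is not None and requester == target_dn
    return who.startswith("dn=") and requester == who[3:].strip('"')

def granted_level(rules, requester, target_dn, attr):
    """First 'access to' whose <what> matches applies; inside it the first
    matching 'by' clause wins; no match means the implicit 'by * none'."""
    for what, clauses in rules:
        if what in ("*", f"attr={attr}"):
            for who, level in clauses:
                if who_matches(who, requester, target_dn):
                    return level
            return "none"  # implicit trailing "by * none"
    return "read" if not rules else "none"  # no ACL at all: read by everyone

def allowed(rules, requester, target_dn, attr, wanted):
    # a granted level implies every weaker one (write covers read, etc.)
    got = granted_level(rules, requester, target_dn, attr)
    return LEVELS.index(got) >= LEVELS.index(wanted)
RULES = parse_acl(SLAPD_ACL)
```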
