Access Control List

  • If not explicitly specified, the default access control policy is allow read by all clients. The rootdn always has full access to the database.
  • ACL defines what, by who and how can be accessed in LDAP database.
    access to < what > by < who > < Access level >
    Directory tree level or objectclass attribute LDAP user specifier none, auth, compare, search, read, write

  • Example 
    # lock down passwords
access to attr=userPassword
       by self write
       by anonymous auth
       by dn="cn=Manager,dc=example,dc=com"  write

# everything else is read-only
access to *
       by dn="cn=Manager,dc=example,dc=com"  write
       by * read

  • The default access in end of the statements is meant: 
    by * none

  • Examples of ACL
    Previous Pageprevious First Pagetop Next Pagenext