From owner-freebsd-questions@FreeBSD.ORG  Wed Apr 26 07:42:41 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: questions@freebsd.org
Delivered-To: freebsd-questions@FreeBSD.ORG
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 9F10316A404
	for <questions@freebsd.org>; Wed, 26 Apr 2006 07:42:41 +0000 (UTC)
	(envelope-from norgaard@locolomo.org)
Received: from strange.daemonsecurity.com
	(59.Red-81-33-11.staticIP.rima-tde.net [81.33.11.59])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1A51A43D53
	for <questions@freebsd.org>; Wed, 26 Apr 2006 07:42:40 +0000 (GMT)
	(envelope-from norgaard@locolomo.org)
Received: from [172.24.8.84] (generic.ATOSORIGIN.ES [212.170.156.200])
	by strange.daemonsecurity.com (Postfix) with ESMTP id 3605B2E064
	for <questions@freebsd.org>; Wed, 26 Apr 2006 09:42:39 +0200 (CEST)
Message-ID: <444F246D.8030400@locolomo.org>
Date: Wed, 26 Apr 2006 09:42:37 +0200
From: Erik Norgaard <norgaard@locolomo.org>
User-Agent: Thunderbird 1.5 (X11/20060118)
MIME-Version: 1.0
To: questions@freebsd.org
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: 
Subject: OpenLDAP: ACL and binddn when dn contains non-ascii chars
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Apr 2006 07:42:41 -0000

Hi:

I'm trying to build my address book, now since my own name contains
non-ascii characters, my cn becomes

cn:: RXJpayBOw7hyZ2FhcmQ=

I wish to restrict access so that each person can edit his own details,
but not search the entire directory, something like this should do:

# Access Control:
access to attrs=userPassword
     by self write
     by anonymous auth
     by * none
access to *
     by self write
     by dn.base="cn=<myname>,ou=people,dc=domain,dc=tld" read
     by * none

But what do I put in place of "cn=<myname>"?

2nd: For now, I have,

access to *
     by self write
     by users read
     by * none

But, what do I set as binddn? I am using the address book with
Thunderbird and I don't know if it is smart enough to convert iso chars
to utf-8.

Thanks, Erik
-- 
Ph: +34.666334818                                  web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F0C.crt
Subject ID:  69:79:B8:2C:E3:8F:E7:BE:5D:C3:C3:B1:74:62:B8:3F:9F:1F:69:B9
Fingerprint: 7F:80:96:EA:95:92:E2:23:1F:FA:0F:98:92:C2:CC:55:6B:9A:8C:92