конфигурация доступа для slapd, автономного демона LDAP (access configuration for slapd, the stand-alone LDAP daemon)
THE ACCESS DIRECTIVE
The structure of the access control directives is
access to <what> [ by <who> [ <access> ] [ <control> ] ]+
Grant access (specified by <access>) to a set of entries
and/or attributes (specified by <what>) by one or more
requestors (specified by <who>).
Lists of access directives are evaluated in the order they appear
in slapd.conf. When a <what> clause matches the datum whose
access is being evaluated, its <who> clause list is checked.
When a <who> clause matches the accessor's properties, its
<access> and <control> clauses are evaluated.
Access control checking stops at the first match of the <what>
and <who> clause, unless otherwise dictated by the <control>
clause. Each <who> clause list is implicitly terminated by a
by * none stop
<control> clause. This implicit <control> stops access directive
evaluation with no more access privileges granted to anyone else.
To stop access directive evaluation only when both <who> and
<what> match, add an explicit
by * break
to the end of the <who> clause list.
Each <what> clause list is implicitly terminated by a
access to *
by * none
clause that results in granting no access privileges to an
otherwise unspecified datum.
