[Date Prev][Date Next] [Chronological] [Thread] [Top]

Access control config

To: openldap-software@OpenLDAP.org
Subject: Access control config
From: jgaleano@gva.es
Date: Fri, 1 Oct 1999 20:42:35 +0200

I'm trying to set up a system with a distributed user 
management in such a way that there will be a manager 
for each sub-organization. The manager for one 
suborganization musn't be able to do anything but read 
entrys below other suborgs.
I have tried to filter the privileges giving access 
with access control lists like the following one

access to dn=".*,ou=suborg1,o=org,c=ES"
  by dn="cn=manager-suborg1,ou=suborg1,o=org,c=ES" write

but, to my surprise, I have experienced that with this 
it is forbidden to create new entries for that manager 
even under his suborganization, and to let the manager 
add new entries I have to give him acces to anything 
directly under the whole organization.
Is there a way to give "add-permissions" without having 
to give access to other suborganizations?

Any ideas would be appreciated.
TIA.

________________________________________________________
______
    Joaquín Galeano
    Servicio de Sistemas y Telecomunicaciones
    Cons. Justicia y Administraciones Públicas - 
Generalitat Valenciana

    Tel. (+34) 96 3865461            E-mail:  
jgaleano@gva.es
    Fax. (+34) 96 3866303
 
________________________________________________________
______

Follow-Ups:
- Re: Access control config
  - From: Stuart Lynne <sl@fireplug.net>

Prev by Date: Re: ldapadd: hopelessly slow loading due to high disk iowait
Next by Date: Re: Access control config
Index(es):
- Chronological
- Thread