Hi all,
I am developing draft-ietf-ldapext-acl-model-07.txt for OpenLDAP, but I have the following question about the ACLs.
My ACLs are as follows:
-------------
dn:O=TW
acl:subtree#grant:d#[entry]#group:cn=user,o=org,o=tw (1)
dn:O=EDU,O=TW
acl:subtree#grant:d#[entry]#subtree:o=tw (2)
acl:subtree#deny:d#[entry]#subtree:o=ncu,o=edu,o=tw (3)
-------------
I am bound as "o=ncu,o=edu,o=tw".
According to the document draft-ietf-ldapext-acl-model-07.txt, can I delete the child of "o=edu,o=tw"?
***** Note: "o=ncu,o=edu,o=tw" is a member of group "cn=user,o=org,o=tw" *****
From rule (1), I can delete the child of "o=edu,o=tw".
From rule (3), I can't delete the child of "o=edu,o=tw".
From rule (2), I can delete the child of "o=edu,o=tw".
But the "group" is more specific than "subtree",
but the bind name "o=ncu,o=edu,o=tw" is closer to "o=edu,o=tw" than "o=tw".
Can somebody give me some hint?
Thanks a lot.