
ACL



Hello all,

My problem is resolved now and I put my solution below.
Maybe we can find a shorter solution ... !?!

I want to thank all for helping me and particularly Emmanuel Jegou, Kurt D. Zeilenga and Eric Brehier for spending time debugging my tests.

access to dn=".*ou=User,o=Right Vision" attr=userpassword
          by dn="cn=Fabrice,ou=Admin,o=Right Vision" write
          by dn="cn=Thierry,ou=Admin,o=Right Vision" write
          by * none

access to dn=".*ou=User,o=Right Vision"
          by dn="cn=Thierry,ou=Admin,o=Right Vision" write
          by dn="cn=Eric,ou=User,o=Right Vision" read
          by * none

access to dn=".*,o=Right Vision"
          by dn="cn=Fabrice,ou=Admin,o=Right Vision" write
          by * none

- The admin Fabrice has access to write and read all entries below "o=Right Vision"
- The admin Thierry has access to write and read all entries below "ou=User,o=Right Vision"
- The user Eric has access to read all entries below "ou=User,o=Right Vision" but not the userpassword attribute
- The user Pascal has no access


Below are two examples of commands:

ldapsearch  -D "cn=Eric,ou=User,o=Right Vision" -w ericpassword \
  -b "o=Right Vision" "objectclass=*"

ldapsearch  -D "cn=Fabrice,ou=Admin,o=Right Vision" -w adminfabrice \
  -b "o=Right Vision" "objectclass=*"

Many thanks,

Fabrice
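
Added example, not part of Fabrice's post: a small Python model of how slapd selects an access directive (first matching `access to`, then first matching `by`), run over the three directives above so each stated permission can be checked. Pascal's DN, the `access()` and `report()` helpers, literal matching of the `by dn` values and the default level are assumptions of this sketch.

```python
import re

# The three directives from the post, in file order:
# (entry DN regex, attribute or None for all, [(requester DN, level), ...]).
# "*" matches any requester; requester DNs are compared literally here.
ACLS = [
    (r".*ou=User,o=Right Vision", "userpassword", [
        ("cn=Fabrice,ou=Admin,o=Right Vision", "write"),
        ("cn=Thierry,ou=Admin,o=Right Vision", "write"),
        ("*", "none")]),
    (r".*ou=User,o=Right Vision", None, [
        ("cn=Thierry,ou=Admin,o=Right Vision", "write"),
        ("cn=Eric,ou=User,o=Right Vision", "read"),
        ("*", "none")]),
    (r".*,o=Right Vision", None, [
        ("cn=Fabrice,ou=Admin,o=Right Vision", "write"),
        ("*", "none")]),
]
DEFAULT_ACCESS = "read"  # assumption: level used when no directive matches the target


def access(requester, entry_dn, attr):
    """Level from the first directive whose <what> matches the entry/attribute,
    then the first <by> clause in that directive that matches the requester."""
    for dn_regex, acl_attr, by_clauses in ACLS:
        if not re.search(dn_regex, entry_dn, re.IGNORECASE):
            continue
        if acl_attr is not None and acl_attr != attr.lower():
            continue
        for who, level in by_clauses:
            if who == "*" or who.lower() == requester.lower():
                return level
        return "none"  # matching directive, no matching <by>: nothing granted
    return DEFAULT_ACCESS


def report(requesters, targets):
    """Build {(requester, entry, attr): level} for every combination."""
    return {(r, e, a): access(r, e, a) for r in requesters for e, a in targets}


if __name__ == "__main__":
    # Constructed sample requesters and targets (Pascal's DN is assumed).
    who = [f"cn={n},ou={ou},o=Right Vision" for n, ou in
           [("Fabrice", "Admin"), ("Thierry", "Admin"), ("Eric", "User"), ("Pascal", "User")]]
    what = [("cn=Eric,ou=User,o=Right Vision", "cn"),
            ("cn=Eric,ou=User,o=Right Vision", "userpassword"),
            ("cn=Thierry,ou=Admin,o=Right Vision", "cn")]
    for key, level in report(who, what).items():
        print(*key, "->", level, sep="  ")
```

Under this model a requester not named in the second directive, including cn=Fabrice, ends at its `by * none` for non-password attributes of entries under ou=User. A bind DN configured as the rootdn is not subject to access directives at all.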
