On Wed, Dec 15, 1999 at 10:46:50AM +0000, John P. Looney mentioned: > > OK. just checking that I'm on the right track. > > I want the "defaultaccess" on everything except the ou=People subgroup to > be "read". I want anyone that logs in with a password, where they have an > attribute "role=staff" to be able to read all ou=People records, and modify > their own. I also have a user "anonymous" whom I want to give search access > to. This works. To an extent. defaultaccess none access to dn="ou=.*,o=online.ie,dc=fv,dc=digiserve,dc=ie" by * read access to dn="uid=.*,ou=People,o=online.ie,dc=fv,dc=digiserve,dc=ie" by self write by dn="uid=anonymous,ou=People,o=online.ie,dc=fv,dc=digiserve,dc=ie" search by * none Can I now restrict the fields that the "anonymous" user can search ? John -- Microsoft. The best reason in the world to drink beer. http://www.redbrick.dcu.ie/~valen
Attachment:
pgpTk75zlLG1i.pgp
Description: PGP signature