
Re: ACLs again



On Wed, Dec 15, 1999 at 10:46:50AM +0000, John P. Looney mentioned:
> 
>  OK. just checking that I'm on the right track.
> 
>  I want the "defaultaccess" on everything except the ou=People subgroup to
> be "read". I want anyone that logs in with a password, where they have an
> attribute "role=staff" to be able to read all ou=People records, and modify
> their own. I also have a user "anonymous" whom I want to give search access
> to.

 This works. To an extent.

defaultaccess none
access to dn="ou=.*,o=online.ie,dc=fv,dc=digiserve,dc=ie"
        by * read
access to dn="uid=.*,ou=People,o=online.ie,dc=fv,dc=digiserve,dc=ie"
        by self write
        by dn="uid=anonymous,ou=People,o=online.ie,dc=fv,dc=digiserve,dc=ie" search
        by * none

 Can I now restrict the fields that the "anonymous" user can search?

John

-- 
Microsoft. The best reason in the world to drink beer.
http://www.redbrick.dcu.ie/~valen
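
Added example, not part of the original message: a simplified Python model of slapd's first-match ACL evaluation, run over the two rules posted above, showing how the order of the "access to" lines decides which rule governs an entry under ou=People. It assumes DN patterns are matched as unanchored regular expressions; uid=jdoe and ou=Groups are constructed sample entries.

```python
import re

BASE = "o=online.ie,dc=fv,dc=digiserve,dc=ie"
ANON = "uid=anonymous,ou=People," + BASE

# The posted rules in file order: (target DN regex, [(who, level), ...]).
POSTED = [
    ("ou=.*," + BASE, [("*", "read")]),
    ("uid=.*,ou=People," + BASE,
     [("self", "write"), (ANON, "search"), ("*", "none")]),
]

def who_matches(who, bind_dn, entry_dn):
    """True when a 'by <who>' clause applies to this bind DN (None = unauthenticated)."""
    if who == "*":
        return True
    if bind_dn is None:
        return False
    if who == "self":
        return bind_dn.lower() == entry_dn.lower()
    return re.search(who, bind_dn, re.I) is not None

def granted(rules, bind_dn, entry_dn, default="none"):
    """Return (level, index of deciding rule); index is None if defaultaccess applied."""
    for i, (target, by_clauses) in enumerate(rules):
        # Assumption: unanchored match, so "ou=.*,<base>" also hits uid=...,ou=People,<base>.
        if re.search(target, entry_dn, re.I):       # first matching "access to" decides
            for who, level in by_clauses:           # first matching "by" decides
                if who_matches(who, bind_dn, entry_dn):
                    return level, i
            return "none", i                        # modelled as deny when no "by" matches
    return default, None

def compare(bind_dn, entry_dn):
    """Level granted with the posted order vs. the same rules with the People rule first."""
    return (granted(POSTED, bind_dn, entry_dn)[0],
            granted(POSTED[::-1], bind_dn, entry_dn)[0])

if __name__ == "__main__":
    jdoe = "uid=jdoe,ou=People," + BASE             # constructed sample user
    for bind in (jdoe, ANON, None):
        print(bind, "->", compare(bind, jdoe))
    print("ou=Groups ->", compare(None, "ou=Groups," + BASE))
```

In this model the broader "ou=.*" rule, listed first, answers for every People entry, so the "self write" and anonymous "search" clauses are only reached when the more specific rule comes first.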
