RE: ACL help
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Jason Bodnar
> Sent: Wednesday, April 26, 2000 10:03 AM
> To: openldap-software@OpenLDAP.org
> Subject: ACL help
>
>
> Currently, we have the following acls:
>
> defaultaccess read
>
> access to attr=userpassword
> by self write
> by * none
>
> access to attr=manager,serial,title,isManager,actingUid,email
> by self write
> by dnattr=manager write
> by group="cn=OrgChart Admins,ou=web,ou=groups,o=Tivoli Systems" write
>
> But this keeps people in the OrgChart Admins group from being able to
> create new entries. Is it possible to set up an acl that will allow a
> group to add new entries but only modify certain attributes of an entry
> that already exists?

If you just add another clause at the end of your list

    access to * by group="cn=Orgchart Admins..." write

that should do it. Also, in your userpassword ACL, don't you want
"by * auth" instead of "by * none"? Is your userpassword attribute
actually used for anything?

>
> --
> Jason Bodnar + jbodnar@tivoli.com + Tivoli Systems
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
- References:
- ACL help
- From: Jason Bodnar <jbodnar@tivoli.com>
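
The ACL list from the question with both suggestions from the reply applied, assembled here as an added example (it is not part of either message). The group DN is the full one from the original post; the comments are added.

```conf
# Added example: the ACLs from the thread with the reply's two changes applied.
defaultaccess read

# Passwords: the owner may change the value. Everyone else gets "auth",
# which lets the value be used to authenticate a bind without making it
# readable (the original list had "by * none" here).
access to attr=userpassword
    by self write
    by * auth

# Org-chart attributes: writable by the entry itself, by the DN named in
# the entry's manager attribute, and by the admin group.
access to attr=manager,serial,title,isManager,actingUid,email
    by self write
    by dnattr=manager write
    by group="cn=OrgChart Admins,ou=web,ou=groups,o=Tivoli Systems" write

# New clause from the reply, placed at the end of the list. slapd uses the
# first "access to" clause whose target matches, so the attribute-specific
# clauses above still decide access to the attributes they name, and this
# one covers everything else, including the entry itself.
access to *
    by group="cn=OrgChart Admins,ou=web,ou=groups,o=Tivoli Systems" write
```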