Re: Continued: Security question. (fwd)

[Cliff Friedel <cliff@wrkcs.net>]

Ok, so my acl would be something like

access to (whatever)
	by groupOfNames="cn=Administrators,dc=<domain>,dc=net" write
	by * none

Is this right or would I actually use something like this?
access to (whatever)
	by dnattr=groupOfNames/member
	by * none

I will probably try both before I get a response, but I would really like
to know which one is more correct if both work.... Thanks for all the
help!

Cliff

On Fri, 30 Jun 2000, Kurt D. Zeilenga wrote:

> ACL groups default to groupOfNames/member.  You can
> also use groupOfUniqueNames/uniqueMember.
> 
> Using posixgroup/memberuid makes little sense as memberuid
> is not of DN syntax.
> 
> At 04:40 PM 6/30/00 -0400, Cliff Friedel wrote:
> >On Fri, 30 Jun 2000, blair christensen wrote:
> >> 
> >> i used the following to get group permissions to work:
> >> 
> >> access to <attribute>
> >>         by group/posixgroup/memberuid="cn=<group name>,ou=group,<domain components>" write
> >>       <snip>
> >> 
> >> where my groups are 'posixGroups' and the members of the groups are
> >> listed in the 'memberUID' attribute.  you may want to try a similiar
> >> technique.
> >> 
> >Ok, read RFC2037 for posixAccount and posixGroup information and am now
> >totally confused (almost to the point that I am not sure whether my LDIFs
> >need to be totally reconfigured to match POSIX guidelines).  Can you give
> >me an example LDIF for the group and 1 member's LDIF for me to look at? I
> >realize this is a lot to ask, but I have yet to find a really good
> >resource to get this information from (other than this list =) ).  If you
> >could help me out I would greatly appreciate it.  Thanks.
> >
> >Cliff
> 
> 
>