ACL: preventing member deletion?
Hi,
I'm trying to set up ACLs for my OpenLDAP server. I have an ou=people that
contains users and an ou=group that contains members. I've created
"cn=administrators,ou=group,dc=company,dc=com" with the following members:
member: uid=admin1, ou=people,dc=company,dc=com
member: uid=admin2, ou=people,dc=company,dc=com
member: uid=admin3, ou=people,dc=company,dc=com
The ACL in slapd.conf is configured as shown below. Currently any member of
the administrators group can delete anyone in that group. Is there any way to
restrict access so that no member can delete another member's entry, while
still allowing all members of the administrators group to see the
"*,ou=group,dc=company,dc=com" entries?
Thanks for your help.
defaultaccess none
# Passwords: the owner and the administrators may change them, nobody else may see them.
access to attr=userpassword
        by self write
        by group="cn=administrators,ou=group,dc=company,dc=com" write
        by * none
# User entries: owner and administrators get full write (which includes delete),
# other users under ou=people may read.
access to dn=".*,ou=people,dc=company,dc=com"
        by self write
        by group="cn=administrators,ou=group,dc=company,dc=com" write
        by dn=".*,ou=people,dc=company,dc=com" read
        by * none
# Everything else under the suffix: administrators write, nobody else.
access to dn=".*,dc=company,dc=com"
        by group="cn=administrators,ou=group,dc=company,dc=com" write
        by * none
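One way to get the behaviour asked for above, as an added example rather than anything from the original post: in OpenLDAP, deleting (or renaming) an entry requires write access to that entry's `entry` pseudo-attribute and to the parent's `children` pseudo-attribute. Granting the administrators group `write` on ordinary attributes while leaving those two pseudo-attributes read-only lets administrators edit members' attributes and read everything under ou=group without being able to delete each other's entries. The fragment uses the `dn.subtree`/`dn.base` ACL style of OpenLDAP 2.1 and later (assumed here; the post uses the older regex form) and keeps the poster's DNs.

```conf
# Added example, not the poster's configuration. Assumes OpenLDAP 2.1+ ACL syntax.
# Rules are evaluated in order and the first matching "access to" clause wins, so the
# narrow pseudo-attribute rules must come before the broad catch-all at the end.

# Deleting or renaming a user entry needs write on its "entry" pseudo-attribute.
# Nobody in the group gets write here, so no administrator can delete another one.
access to dn.subtree="ou=people,dc=company,dc=com" attrs=entry
        by self read
        by group="cn=administrators,ou=group,dc=company,dc=com" read
        by users read
        by * none

# Adding or deleting under ou=people also needs write on the parent's "children".
# Kept read-only as well; provisioning is done as the rootdn, which bypasses ACLs.
access to dn.base="ou=people,dc=company,dc=com" attrs=children
        by group="cn=administrators,ou=group,dc=company,dc=com" read
        by users read
        by * none

# Passwords: owner and administrators may change them; anonymous may only bind with them.
access to dn.subtree="ou=people,dc=company,dc=com" attrs=userPassword
        by self write
        by group="cn=administrators,ou=group,dc=company,dc=com" write
        by anonymous auth
        by * none

# Remaining user attributes: owner and administrators may modify, other users may read.
access to dn.subtree="ou=people,dc=company,dc=com"
        by self write
        by group="cn=administrators,ou=group,dc=company,dc=com" write
        by users read
        by * none

# Group entries: readable by administrators and other authenticated users. No write on
# "entry"/"children" here either, so group entries cannot be deleted through the ACL.
access to dn.subtree="ou=group,dc=company,dc=com" attrs=entry,children
        by group="cn=administrators,ou=group,dc=company,dc=com" read
        by users read
        by * none

# Administrators may still maintain membership (the "member" attribute and the rest).
access to dn.subtree="ou=group,dc=company,dc=com"
        by group="cn=administrators,ou=group,dc=company,dc=com" write
        by users read
        by * none

# Everything else under the suffix: deny.
access to dn.subtree="dc=company,dc=com"
        by * none
```

Two things to keep in mind when checking this: the rootdn is never subject to access control, so anyone holding the rootpw can still delete entries regardless of these rules, and a search only returns entries the requester has read access to on the `entry` pseudo-attribute, which is why the group subtree grants `read` on it explicitly. Newer OpenLDAP releases ship slapacl(8), which evaluates a given identity's access to a given DN and attribute against the loaded configuration and is the quickest way to confirm that an administrator gets `read` rather than `write` on `entry` for another member's DN.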