[Date Prev][Date Next] [Chronological] [Thread] [Top]

how to setup ACL to delele entry

To: <openldap-software@OpenLDAP.org>
Subject: how to setup ACL to delele entry
From: "Corisen" <csyap@starnet.gov.sg>
Date: Wed, 29 Nov 2000 19:43:49 +0800
References: <3A248C0C.F957C5ED@poboxes.com> <00cb01c059ec$f2c7ace0$050010ac@starnet.gov.sg>

Hi,

I've created a group "cn=accountadmin,ou=group,dc=company,dc=com" with
member:
member: uid=acadmin,ou=people,dc=company,dc=com

Binded as uid=acadmin, I'm unable to delete any user under
"uid=*,ou=people,dc=company,dc=com". It says insufficient access. What
changes/additions should I make to allow user deletion user uid=acadmin.

Please see below my ACL.

ps: it is valid to have 2 "by group=" in the same access directive?

Thanks.

defaultaccess none

access to attr=userpassword
 by self write
 by group="cn=administrators,ou=group,dc=company,dc=com" write
 by * none

access to dn=".*,ou=people,dc=company,dc=com"
 by self write
 by group="cn=administrators,ou=group,dc=company,dc=com" write
 by group="cn=accountadmin,ou=group,dc=company,dc=com" write <-- valid to
have 2 "by group"?
 by dn=".*,ou=people,dc=com,dc=com" read
 by * none

access to dn=".*,dc=company,dc=com"
 by group="cn=administrators,ou=group,dc=company,dc=com," write
 by * none

References:
- confusing
  - From: unplug <unplug@poboxes.com>
- ACL: preventing member deletion?
  - From: "Corisen" <csyap@starnet.gov.sg>

Prev by Date: Re: Redhat - start script
Next by Date: Re: openldap, back-sql, database table and stored procedures
Index(es):
- Chronological
- Thread