
Re: restric access to a group



I'm not sure: is "group" in ACL only for the groupOfNames objectclass (and
not groupOfUniqueNames)? Take a look at this and try the alternate syntax
suggested:

http://www.openldap.org/faq/index.cgi?file=52

> From: Vincent MATHIEU <Vincent.Mathieu@univ-nancy2.fr>
> Date: Mon, 29 Jan 2001 15:15:20 +0100
> To: openldap-software@OpenLDAP.org
> Subject: restric access to a group
> 
> Hi,
> 
> I'd like to give write permission to a group (GroupOfUniquenames).
> 
> For example, in my slapd.conf :
> 
> defaultaccess    none
> 
> access to dn=ou=prem,ou=Pers,dc=univ-nancy2,dc=fr
>     by dn="uid=toto,ou=people,ou=pers,dc=univ-nancy2,dc=fr" write
>     by group="cn=group1,ou=groups,ou=pers,dc=univ-nancy2,dc=fr" write
>     by * read
> 
> Here is the group :
> dn: cn=Group1,ou=Groups,ou=Pers,dc=univ-nancy2,dc=fr
> cn: Group1
> objectClass: top
> objectClass: groupOfUniqueNames
> uniqueMember: uid=titi,ou=People,ou=Pers,dc=univ-nancy2,dc=fr
> 
> 
> I can write in ou=prem,ou=Pers,dc=univ-nancy2,dc=fr if I bind with the uid
> toto, but I can't write if I bind with the uid titi (ldap_add: Insufficient
> access,   additional info: no write access to parent).
> 
> How can I do that?
> 
> Thanks
> 
> Vincent
> -- 
> Vincent MATHIEU  
> CRI - Universite NANCY 2            | Email : Vincent.Mathieu@univ-nancy2.fr
> Pole Lorrain de Gestion             | Tel   : (33) 03.83.39.64.06
> 13, Rue Michel Ney - C.O. 75        | Fax   : (33) 03.83.39.64.43
> 54013 Nancy Cedex.   FRANCE
> 
>
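
The alternate syntax the reply points to, as an added example that is not part of the original thread: slapd's `group` clause accepts an optional objectclass and member attribute, written `group/<objectclass>/<attrname>`, and falls back to groupOfNames and member when they are omitted. The DNs are the ones from the quoted message; the line layout and comments are this example's own.

```conf
# slapd.conf (added example)
#
# Clause from the quoted message, which does not match uid=titi:
#
#   by group="cn=group1,ou=groups,ou=pers,dc=univ-nancy2,dc=fr" write
#
# With no qualifier, slapd treats the named entry as a groupOfNames and
# tests its "member" attribute. The group in the message is a
# groupOfUniqueNames holding its members in "uniqueMember", so the
# membership test fails and evaluation falls through to "by * read".
#
# The qualified clause below names the objectClass and the membership
# attribute explicitly. Comments are kept outside the directive because
# every line that starts with whitespace is a continuation of it.

defaultaccess    none

access to dn=ou=prem,ou=Pers,dc=univ-nancy2,dc=fr
    by dn="uid=toto,ou=people,ou=pers,dc=univ-nancy2,dc=fr" write
    by group/groupOfUniqueNames/uniqueMember="cn=group1,ou=groups,ou=pers,dc=univ-nancy2,dc=fr" write
    by * read
```

The other way to get the same result is to leave the ACL unqualified and rebuild the group entry as a groupOfNames with `member` values.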