Re: slapd.conf acl based on uniqueMember attribute
On Sat, 12 May 2001, Kurt D. Zeilenga wrote:
> >I need to create 2 ou's (one for accounts and one for class roles). User
> >accounts follow the standard rfc2307 schema using posixAccount
> >objectclass. Class roles are represented by the groupOfNames objectclass.
> >I need to define an ACL in slapd.conf which allows the 'owner' attribute
> >value in the groupOfNames write access to the DN's specified by the
> >'member' attribute.
>
> access to filter=(objectClass=groupOfNames) attrs=member
> by dnattr=owner write
> ...
Hmmm....now this would seem to say

"for all entries that have the groupOfNames objectclass
value, give the 'owner' of that entry, write access to
the DN value stored in the member attribute."

Did I miss something?

What I need to be able to do is to say...

"for all entries that have the groupOfNames objectclass
value, give the 'owner' of that entry, write access to
the entry named by the DN stored in the member attribute."
^^^^^^^^^^^^^^^^^^^^^^^^^

Does that make sense? Or am I confused on how your ACL works? I was under
the assumption that the "attrs=" defined to which attributes in the
defined entry the ACL would apply. I need one level of indirection here I
think.

Cheers, jerry
----------------------------------------------------------------------
/\ Gerald (Jerry) Carter Professional Services
\/ http://www.valinux.com/ VA Linux Systems gcarter@valinux.com
http://www.samba.org/ SAMBA Team jerry@samba.org
http://www.plainjoe.org/ jerry@plainjoe.org
"...a hundred billion castaways looking for a home."
- Sting "Message in a Bottle" ( 1979 )
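
Added example (not part of either poster's message, and not slapd code): a simplified Python model contrasting the ACL quoted above with the indirect policy the reply asks for. The DNs, the directory contents and both function names are constructed for illustration, and DNs are assumed to be already normalized so that plain string comparison stands in for DN matching.

```python
# Simplified model of the two policies discussed in the thread (not slapd code).
# All DNs and entries are constructed sample data; DNs are assumed normalized.
GROUP = "cn=cs101,ou=roles,dc=example,dc=com"
PROF = "uid=prof,ou=accounts,dc=example,dc=com"
ALICE = "uid=alice,ou=accounts,dc=example,dc=com"
BOB = "uid=bob,ou=accounts,dc=example,dc=com"

DIRECTORY = {
    GROUP: {"objectClass": ["groupOfNames"], "owner": [PROF], "member": [ALICE]},
    ALICE: {"objectClass": ["posixAccount"], "uid": ["alice"]},
    BOB: {"objectClass": ["posixAccount"], "uid": ["bob"]},
    PROF: {"objectClass": ["posixAccount"], "uid": ["prof"]},
}


def posted_acl_allows_write(directory, requester, target_dn, attr):
    """Model of:  access to filter=(objectClass=groupOfNames) attrs=member
                      by dnattr=owner write
    The rule covers only the 'member' attribute of group entries, and
    dnattr=owner compares the requester with 'owner' on that same entry."""
    entry = directory.get(target_dn, {})
    return ("groupOfNames" in entry.get("objectClass", [])
            and attr == "member"
            and requester in entry.get("owner", []))


def indirect_policy_allows_write(directory, requester, target_dn):
    """Model of the requested policy: write access to an entry when some
    groupOfNames lists the target DN in 'member' and the requester in 'owner'."""
    return any("groupOfNames" in e.get("objectClass", [])
               and target_dn in e.get("member", [])
               and requester in e.get("owner", [])
               for e in directory.values())


if __name__ == "__main__":
    # The posted rule lets the owner edit the membership list...
    print(posted_acl_allows_write(DIRECTORY, PROF, GROUP, "member"))
    # ...but says nothing about the account entry that the list names.
    print(posted_acl_allows_write(DIRECTORY, PROF, ALICE, "userPassword"))
    # The indirect policy follows 'member' to the account entry itself.
    print(indirect_policy_allows_write(DIRECTORY, PROF, ALICE))
    print(indirect_policy_allows_write(DIRECTORY, PROF, BOB))
```

If both rules were in force together, whoever can write 'member' would also decide which account entries the indirect rule reaches, so write access to the group's membership list needs to be reviewed alongside it.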