Re: having more privileged users
Hi,
That was quite a fine bunch of acls you got there. How does the search
permission work? I didn't know about it.
Tarjei
>
> If your ACLS are:
>
> access to attrs=userPassword
>     by self write
>     by * auth
>
> access to dn=".*,ou=My Tree,dc=my,dc=org"
>     by users read
>     by * none
>
> access to dn=".*,ou=Another Tree,dc=my,dc=org"
>     by dn="[^,]+,ou=Apps,dc=my,dc=org"
>     by * none
>
> access to *
>     by * read
>
> you need to do:
>
> access to attrs=userPassword
>     by self write
>     by * auth
>
> access to dn=".*,ou=My Tree,dc=my,dc=org"
>     by dn="cn=YOUR USER,ou=People,dc=my,dc=org" read
>     by users read
>     by * none
>
> access to dn=".*,ou=Another Tree,dc=my,dc=org"
>     by dn="cn=YOUR USER,ou=People,dc=my,dc=org" read
>     by dn="[^,]+,ou=Apps,dc=my,dc=org"
>     by * none
>
> access to *
>     by dn="cn=YOUR USER,ou=People,dc=my,dc=org" read
>     by * search
>
> the same applies if you need different access rights, say "write". You
> also need to set
>
> sizelimit (>MAX ENTRIES)
> timelimit (>TIME REQUIRED TO SEARCH THE WHOLE DIT)
>
> If you go to HEAD, you may also have a look at
>
> http://www.openldap.org/lists/openldap-devel/200107/msg00116.html
>
> and threads that follow.
>
> Pierangelo.
>
> --
> Dr. Pierangelo Masarati | voice: +39 02 2399 8309
> Dip. Ing. Aerospaziale | fax: +39 02 2399 8334
> Politecnico di Milano | mailto:masarati@aero.polimi.it
> via La Masa 34, 20156 Milano, Italy |
> http://www.aero.polimi.it/~masarati
____________________
Tarjei Huse
920 63 413