Hello All,
I am faced with the following problem. This is the kind of tree in my OpenLDAP
database:
                  |-------- GroupA <......
                  |-------- GroupB <......
                  |
Admin -- root ----+-------- GroupC <...... more children
                  |
                  |-------- Group D <......
                  |
                  |-------- Group E <......
                  |
                  .......... more ..........
Note that each group has its own children.
I want to define the ACL like this:
1. A child node can read the other nodes on the same level in the same group
2. A father node can write its own children
3. A child node can read its own father node
4. Every node can write itself
Now the access control section is as follows:
access to attr=userpassword
    by self write
    by anonymous auth
access to *
    by self write
    by dn="(.children)" read
access to dn=".children,.children,dc=com"
    by dn=".children,dc=com" write
access to *
    by self write
    by users read
    by anonymous none
But it does not work. How can I write the access control?
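
One way to express the four rules listed above, as an added example that is not part of the original post. It assumes OpenLDAP 2.4 slapd.conf syntax as documented in slapd.access(5), the dc=com suffix used in the post, and RDN values that contain no commas.

```conf
# Added example, not the poster's configuration.
# Assumes OpenLDAP 2.4 slapd.conf syntax and RDN values without commas.

# Passwords, as in the post: the owner may change them, anonymous
# clients may only authenticate against them, nobody else sees them.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Every entry below dc=com. The regex splits the target DN so that
#   $0 = the whole DN of the entry being accessed
#   $1 = the DN of its parent ("father") entry
access to dn.regex="^[^,]+,((.+,)?dc=com)$"
    # Rule 4: every node can write itself.
    by self write
    # Rule 2: the father node can write its own children.
    by dn.exact,expand="$1" write
    # Rule 1: nodes with the same father (same group, same level)
    # can read each other.
    by dn.onelevel,expand="$1" read
    # Rule 3: a child node can read its own father node.
    by dn.onelevel,expand="$0" read
    # Everyone else, including anonymous, gets nothing.
    by * none
```

slapd stops at the first `access to` clause that matches the entry, so an early `access to *` like the one in the post hides every rule placed after it. With this layout a client also has to use a search base it is allowed to read, such as its own DN or its father's DN.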