
other acl problems (ip modification)



I'd like to make a structure like:
pc slave (192.168.2.18) makes changes to master (192.168.1.17) but it is able to modify subtree Scienze
pc slave (192.168.2.19) makes changes to master (192.168.1.17) but it is able to modify subtree Medicina
This is my ACL list:

access to attrs=userpassword,lmpassword,ntpassword
        by self write
        by dn="cn=manager,dc=univr,dc=it" write
        by dn="uid=manager,ou=Service,dc=univr,dc=it" write
        by dn="cn=qmail,ou=Service,dc=univr,dc=it" none
        by dn="cn=samba,ou=Service,ou=Scienze,dc=univr,dc=it" write
        by dn="cn=samba,ou=Service,ou=Medicina,dc=univr,dc=it" write
        by * none

access to attrs=shadowlastchange,pwdlastset,mailForwardingAddress
        by self write
        by dn="cn=manager,dc=univr,dc=it" write
        by dn="uid=manager,ou=Service,dc=univr,dc=it" write
        by dn="cn=qmail,ou=Service,dc=univr,dc=it" read
        by dn="cn=samba,ou=Service,ou=(.*),dc=univr,dc=it" write
        by addr="127.0.0.1|192.168.2.*" read
        by * none

access to attrs=pwdcanchange,pwdmustchange,acctflags,logontime,logofftime,kickofftime,smbhome,homedrive,script,profile,ntuid,rid,grouprid,uid,uidnumber,gidnumber,cn,description,workstation
        by dn="cn=manager,dc=univr,dc=it" write
        by dn="uid=manager,ou=Service,dc=univr,dc=it" write
        by dn="cn=qmail,ou=Service,dc=univr,dc=it" read
        by dn="cn=samba,ou=Service,ou=(.*),dc=univr,dc=it" write
        by addr="127.0.0.1|192.168.2.*" read
        by * none

access to attrs=lpquota,lpprinted,lpdate,lpnote
        by dn="cn=lpquota,ou=Service,dc=univr,dc=it" write
        by self read
        by * none

access to attrs=mailMessageStore,mailQuota
        by dn="cn=manager,dc=univr,dc=it" write
        by dn="uid=manager,ou=Service,dc=univr,dc=it" write
        by dn="cn=qmail,ou=Service,dc=univr,dc=it" read
        by self read
        by * none

access to dn="uid=[^,]+,ou=Scienze,dc=univr,dc=it"
        by dn="cn=manager,dc=univr,dc=it" write
        by dn="cn=qmail,ou=Service,dc=univr,dc=it" read
        by addr="192.168.2.18" write
        by addr="127.0.0.1|157.27.*.*|192.168.2.*" read
        by * none

access to dn="uid=[^,]+,ou=Medicina,dc=univr,dc=it"
        by dn="cn=manager,dc=univr,dc=it" write
        by dn="cn=qmail,ou=Service,dc=univr,dc=it" read
        by addr="192.168.2.19" write
        by addr="127.0.0.1|157.27.*.*|192.168.2.*" read
        by * none

access to dn="uid=[^,]+,ou=(.*),dc=univr,dc=it"
        by dn="cn=manager,dc=univr,dc=it" write
        by dn="uid=manager,ou=Service,dc=univr,dc=it" write
        by dn="cn=qmail,ou=Service,dc=univr,dc=it" read
        by addr="127.0.0.1|157.27.*.*|192.168.2.*" read
        by * none

access to dn="dc=univr,dc=it"
        by dn="cn=manager,dc=univr,dc=it" write
        by dn="uid=manager,ou=Service,dc=univr,dc=it" write
        by dn="cn=qmail,ou=Service,dc=univr,dc=it" read
        by addr="127.0.0.1|157.27.*.*|192.168.2.*" read
        by * none

Where is the problem? Can you help me?
Francesco
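
slapd applies the first `access to` clause whose target matches the entry and attribute, then the first `by` line in that clause that matches the requester, and stops there. The sketch below is an added example, not part of the original post: it models that rule for a subset of the posted clauses so you can see which clause decides a given request. Assumptions: patterns are treated as case-insensitive regexes searched within the value, and the entry `uid=rossi`, the attribute `telephonenumber`, and the function names are constructed for illustration.

```python
import re

# Subset of the posted clauses, in posted order: (kind, target, [(who, pattern, access)]).
ACLS = [
    ("attrs", {"userpassword", "lmpassword", "ntpassword"}, [
        ("self", None, "write"),
        ("dn", "cn=manager,dc=univr,dc=it", "write"),
        ("dn", "cn=samba,ou=Service,ou=Scienze,dc=univr,dc=it", "write"),
        ("*", None, "none")]),
    ("attrs", {"uid", "uidnumber", "gidnumber", "cn", "description"}, [
        ("dn", "cn=manager,dc=univr,dc=it", "write"),
        ("dn", "cn=samba,ou=Service,ou=(.*),dc=univr,dc=it", "write"),
        ("addr", "127.0.0.1|192.168.2.*", "read"),
        ("*", None, "none")]),
    ("dn", "uid=[^,]+,ou=Scienze,dc=univr,dc=it", [
        ("dn", "cn=manager,dc=univr,dc=it", "write"),
        ("addr", "192.168.2.18", "write"),
        ("addr", "127.0.0.1|157.27.*.*|192.168.2.*", "read"),
        ("*", None, "none")]),
]

def who_matches(who, pattern, entry_dn, bind_dn, client_ip):
    if who == "*":
        return True
    if who == "self":
        return bool(bind_dn) and bind_dn.lower() == entry_dn.lower()
    subject = bind_dn if who == "dn" else client_ip
    return bool(subject) and re.search(pattern, subject, re.I) is not None

def evaluate(entry_dn, attr, bind_dn, client_ip):
    """Return (clause index, access) using first-match-wins evaluation."""
    for i, (kind, target, bys) in enumerate(ACLS):
        if kind == "attrs":
            hit = attr.lower() in target  # attrs clauses apply to every entry
        else:
            hit = re.search(target, entry_dn, re.I) is not None
        if hit:
            for who, pattern, access in bys:
                if who_matches(who, pattern, entry_dn, bind_dn, client_ip):
                    return i, access
            return i, "none"  # clause matched but no by-line did
    return None, "none"  # no clause matched; modelled as deny in this sketch

if __name__ == "__main__":
    entry = "uid=rossi,ou=Scienze,dc=univr,dc=it"  # constructed sample entry
    for attr in ("cn", "telephonenumber", "userpassword"):
        print(attr, evaluate(entry, attr, "", "192.168.2.18"))
```

In this model an anonymous request from 192.168.2.18 for `cn` is decided by the earlier `attrs` clause, so the `by addr="192.168.2.18" write` line in the Scienze clause only governs attributes that no earlier `attrs` clause lists.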