Group access control
Hello,
I'm trying to implement group access to my LDAP database. I have
created the following group:
dn: cn=crAdmins,dc=mysite,dc=com
cn: user administrators
objectclass: groupofNames
objectclass: top
member: uid=adminuser,ou=People,dc=mysite,dc=com
member: uid=adminuser2,ou=People,dc=mysite,dc=com
I have the following access control directives in slapd.conf:
access to dn=".*,ou=People,dc=mysite,dc=com"
        by group="cn=crAdmins,dc=mysite,dc=com" write
        by dn="cn=admin,dc=mysite,dc=com" write
        by * none

access to *
        by dn="cn=admin,dc=mysite,dc=com" write
        by group="cn=crAdmins,dc=mysite,dc=com" read
        by * none
As far as I understand, it should grant write access to any dn under
base ou=People,dc=mysite,dc=com for dn
"uid=adminuser,ou=People,dc=mysite,dc=com". However, when I am trying
to delete dn "uid=exampleuser,ou=People,dc=mysite,dc=com", I get an
"insufficient access" error.
Would be great if somebody told me what I am missing. Thanks!
--
Tadas Miniotas
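
An added example, not part of the original post: in OpenLDAP, deleting an entry requires write access to that entry's `entry` pseudo-attribute and to the `children` pseudo-attribute of its parent, and the rules in the post leave ou=People itself under `access to *`, where the group only has read. The configuration below assumes OpenLDAP 2.2 or later ACL syntax (explicit `dn.base`, `dn.children` and `dn.exact` styles) and reuses the DNs from the post.

```conf
# Added example (not the poster's configuration); assumes OpenLDAP 2.2+ syntax.
# Rules are evaluated in order and the first matching "access to" clause wins,
# so the narrow rules must come before the catch-all.

# 1. The container entry itself: write on the "children" pseudo-attribute is
#    what allows adding and deleting entries directly beneath ou=People.
#    Only this pseudo-attribute is opened up; the container's other
#    attributes still fall through to rule 3 (group: read only).
access to dn.base="ou=People,dc=mysite,dc=com" attrs=children
        by group="cn=crAdmins,dc=mysite,dc=com" write
        by dn.exact="cn=admin,dc=mysite,dc=com" write
        by * none

# 2. Every entry below the container (the container is excluded):
#    write on all attributes, including the "entry" pseudo-attribute
#    that a delete of the entry itself needs.
access to dn.children="ou=People,dc=mysite,dc=com"
        by group="cn=crAdmins,dc=mysite,dc=com" write
        by dn.exact="cn=admin,dc=mysite,dc=com" write
        by * none

# 3. Everything else: unchanged from the post.
access to *
        by dn.exact="cn=admin,dc=mysite,dc=com" write
        by group="cn=crAdmins,dc=mysite,dc=com" read
        by * none
```

On versions that ship `slapacl`, the effective permission can be checked without a live bind, for example `slapacl -f slapd.conf -D "uid=adminuser,ou=People,dc=mysite,dc=com" -b "ou=People,dc=mysite,dc=com" "children/write"`.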