[Date Prev][Date Next] [Chronological] [Thread] [Top]

Group access control

To: openldap-software@OpenLDAP.org
Subject: Group access control
From: Tadas Miniotas <tadas@ipv6.lt>
Date: Thu, 18 Jul 2002 11:42:12 +0200
Organization: LitNET NOC

Hello,

I'm trying to inmplement group access to my LDAP database. I have 
created the following group:

dn: cn=crAdmins,dc=mysite,dc=com
cn: user administrators
objectclass: groupofNames
objectclass: top
member: uid=adminuser,ou=People,dc=mysite,dc=com
member: uid=adminuser2,ou=People,dc=mysite,dc=com

I have the following access control directives in slapd.conf:

access to dn=".*,ou=People,dc=mysite,dc=com"
        by group="cn=crAdmins,dc=mysite,dc=com" write
        by dn="cn=admin,dc=mysite,dc=com" write        
        by * none
access to *
        by dn="cn=admin,dc=mysite,dc=com" write
        by group="cn=crAdmins,dc=mysite,dc=com" read
        by * none

As far as I understand, it should grant write access to any dn under 
base ou=People,dc=mysite,dc=com for dn 
"uid=adminuser,ou=People,dc=mysite,dc=com". However, when I am trying 
to delete dn "uid=exampleuser,ou=People,dc=mysite,dc=com", I get an 
"insufficient access" error.

Would be great if somebody told me what I am missing. Thanks!

--
Tadas Miniotas

Prev by Date: Re: Residential and business addresses schema
Next by Date: Re: Fw: Help - Cannot install OpenLDAP - 'make test' failed.
Index(es):
- Chronological
- Thread