Fri, 2002-08-09 at 13:26, Brian Sullivan wrote:

> All,
>
> Don't know if you all can help me but I am trying to put an ACI on a branch of my
> directory and can't figure it out. I have a group with 100 members
> or so,
> cn=mygroup,ou=myapplication,o=mycompany.com
> I also have an administrative user
> uid=myapp-admin,ou=Administrators,o=mycompany.com
> I need an ACI such that the myapp-admin has total access and such that the folks
> in the mygroup have readonly access to the branch
> ou=myapplication,o=mycompany.com. Does anyone know if this is
> possible and how it might be done?

Hate this ASCII art, hope you are using Courier or another monospaced font.

Shuffle your org into a more logical hierarchy:

 _ dc=mycompany,dc=com
|
|________________________________________________________
|                                                        |
cn=myapp-admin,ou=Administrators,dc=mycompany,dc=com     |
                                                         |
                                          ou=mygroup,dc=mycompany,dc=com
                                                         |
                                                         |
                                  cn=myapplication,ou=mygroup,dc=mycompany,dc=com

---

ou=mygroup,dc=mycompany,dc=com is "top, group of names", with named members.
___

access to dn="cn=myapplication,ou=mygroup,dc=mycompany,dc=com"
        by anonymous auth
        by dn=".*,ou=Administrators,dc=mycompany,dc=com" write
        by group="ou=mygroup,dc=mycompany,dc=com" dnattr=member read
        by * none
___

Actually you can have far more complicated structures than this :-)

I'd seriously suggest that, if you are using or can use Gnome on Linux (or
Solaris?), that you get hold of GQ. It will teach you to "see" hierarchies
and, together with 'tail -f' on a slapd -d256 log output, tell you whenever
you go wrong and why. Won't help you writing the ACLs, but certainly will
with the organization.

Best,

Tony

-- 
Tony Earnshaw

The usefulness of RTFM is vastly overrated.

e-post:         tonni@billy.demon.nl
www:            http://www.billy.demon.nl
gpg public key: http://www.billy.demon.nl/tonni.armor

Telefoon:       (+31) (0)172 530428
Mobiel:         (+31) (0)6 51153356

GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
3BE7B981
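The access directive in the reply above can be checked on paper by walking its "by" clauses in order, since the first clause that matches the bound identity decides the level. The following is an added example, not part of the original message and not slapd code: a simplified model that treats the group clause as "the bound DN is a listed member of the group entry", with a constructed member (cn=alice) and a constructed non-member used only for illustration.

```python
import re

# slapd access levels in increasing order of privilege.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

ADMIN_RE = r".*,ou=Administrators,dc=mycompany,dc=com"  # regex from the reply
GROUP_DN = "ou=mygroup,dc=mycompany,dc=com"             # group from the reply

# Constructed sample membership of the group entry (assumption, not from the post).
GROUP_MEMBERS = {GROUP_DN: {"cn=alice,ou=people,dc=mycompany,dc=com"}}

# The reply's "by" clauses in their original order: (kind, argument, level).
RULE = [
    ("anonymous", None, "auth"),
    ("dn_regex", ADMIN_RE, "write"),
    ("group", GROUP_DN, "read"),
    ("any", None, "none"),
]

def clause_matches(kind, arg, bind_dn):
    """Return True if one 'by' clause applies to the bound DN (None = anonymous)."""
    if kind == "anonymous":
        return bind_dn is None
    if kind == "any":
        return True
    if bind_dn is None:
        return False
    dn = bind_dn.lower()  # DNs compare case-insensitively in this model
    if kind == "dn_regex":
        return re.fullmatch(arg.lower(), dn) is not None
    if kind == "group":
        return dn in GROUP_MEMBERS.get(arg, set())
    return False

def granted_level(bind_dn):
    """First matching clause wins; no match at all means no access."""
    for kind, arg, level in RULE:
        if clause_matches(kind, arg, bind_dn):
            return level
    return "none"

def allows(bind_dn, needed):
    """True if the granted level is at least the level the operation needs."""
    return LEVELS.index(granted_level(bind_dn)) >= LEVELS.index(needed)

if __name__ == "__main__":
    for who in (None, "cn=myapp-admin,ou=Administrators,dc=mycompany,dc=com",
                "cn=alice,ou=people,dc=mycompany,dc=com",
                "cn=bob,ou=people,dc=mycompany,dc=com"):
        print(who or "(anonymous)", "->", granted_level(who))
```

Reordering RULE so that the catch-all clause comes first shows why clause order matters: every identity then resolves to "none".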