[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Tough ACI Question
>Don't know if you all can help me but I am trying to put an ACI on a branch
>my directory and can't figure it out. I have a group with 100 members or
>so,
>cn=mygroup,ou=myapplication,o=mycompany.com
>I also have an administrative user
>uid=myapp-admin,ou=Administrators,o=mycompany.com
>I need an ACI such that the myapp-admin has total access and such that the
>folks in the mygroup have readonly access to the branch
>ou=myapplication,o=mycompany.com. Does anyone know if this is possible and
>how it might be done?
How is this hard? Standard ACI stff covered in documentation.
Set your ACI type field to "group" and you subject field to the dn of the
groupOfNames.
OpenLDAPaci:OID#SCOPE#RIGHTS#TYPE#SUBJECT
So an OpenLDAPaci attribute might look like:
OpenLDAPaci: 1#entry#grant;r,w;[all]#group#cn=cis,ou=Groups,dc=Example,dc=Com
See ftp://kalamazoolinux.org/pub/pdf/ldapv3.pdf