fre, 2002-09-13 kl. 13:42 skrev Howard Chu: > > by group="cn=peoplemanagers,ou=groups,dc=billy,dc=demon,dc=nl" > > dnattr=member write > This doesn't look right to me, but I'm not sure I understand the example. It > sounds to me like you have a group "cn=local group,dc=example,dc=com" and you > have another group "cn=peoplemanagers,dc=example,dc=com" and you're saying > that the members of "peoplemanagers" are allowed to modify attributes on the > members of "local group." > There is no facility that lets you specify members of a group as the target > of an ACL. It might be nice to say "access to group=foo by group=bar write" > but slapd doesn't support this. No. Exactly. Howard, I (being a "Bear of Little Brain" ^TM A. A. Milne) have this golden rule with computers and computer software: "If it works, do/use it. If it doesn't work, RTFM or go kick others 'til it does. In the end, it's going to work anyway, so keep RTFMing or kicking." So, it works. My complete ACL, as I answered _Ace (far above this on the list), is: access to dn="dc=billy,dc=demon,dc=nl" attrs=homePhone,mobile,carPhone,birthDate attrs=homePostalAddress,fileAs attr=labeledURI by anonymous auth # <- *no comment, please!* by self write by dn="cn=Admin,dc=billy,dc=demon,dc=nl" write by dn=".*,ou=people,ou=groups,dc=billy,dc=demon,dc=nl" read by group="cn=peoplemanagers,ou=groups,dc=billy,dc=demon,dc=nl" dnattr=member write by * none # Most of the above attributes are from evolution.schema, grace à Adam Williams, so don't go looking for them unless you use Ximians Evolution and use the back door :-) Thanks for pointing out that I should make myself clear. Tuesday last, I was lambasted by a professional colleague, on the job by a client, for making myself too clear. Tsk tsk, you just can't win. Best, Tony -- Tony Earnshaw Tha can allway tell a Yorkshireman, but tha canna tell 'im much. e-post: tonni@billy.demon.nl www: http://www.billy.demon.nl gpg public key: http://www.billy.demon.nl/tonni.armor Telefoon: (+31) (0)172 530428 Mobiel: (+31) (0)6 51153356 GPG Fingerprint = 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981 3BE7B981
Attachment:
signature.asc
Description: Dette er en digitalt signert meldingsdel