Re: Odp: Re: Problem with ACL
Tue, 2002-10-15 at 22:43, Andy Nat wrote:
> > This isn't going to get you anywhere. Make a tree with its
> > roots in the air. Everything to the left is hidden, everything
> > to the right is open:
> >
> >              dc=com
> >                |
> >            dc=company
> >          ______|______
> >          |           |
> >      ou=secret    ou=open
> So if I understand what you mean I should make something like:
>
>                  dc=com
>                    |
>                dc=company
>       ___________|_________________
>       |                            |
> ou=secret,cn=AB,mail=ab@cmp.pl   ou=public
>       |
> ou=secret,cn=CB,mail=cb@cmp.pl
>       |
> ou=secret,cn=DE,mail=de@cmp.pl
This is possible, though I still find it horrible. I'm an old NetWare
NDS person, where (NetWare NDS 4.1) it wouldn't have been possible at
all. You'd have one h*ll of a time making ACLs to get it to work, but
you could, if you tried hard enough.
Take: ou=secret,cn=AB,mail=ab@cmp.pl, for example. Why not make it:

dn: cn=AB,ou=secret,dc=cmp,dc=pl    <-- tree with leaf
objectClass: top
objectClass: person
objectClass: inetOrgPerson
sn: Polanski
cn: AB    <--- (or Vasily or Alexey or whatever, leaf that belongs to ou=secret)
mail: ab@cmp.pl    <-- leaf that belongs to ou=secret

You *could* have had:

dn: mail=ab@cmp.pl,ou=secret,dc=cmp,dc=pl
objectClass: top
objectClass: person
objectClass: inetOrgPerson
sn: Polanski
cn: AB    <--- (or Vasily or Alexey or whatever, leaf that belongs to ou=secret)
mail: ab@cmp.pl    <-- leaf that belongs to ou=secret

because the 'mail' attribute is supposed to be unique - but that's lousy
reasoning to my mind.
Best,
Tony
--
Tony Earnshaw
"There are many people who can't face the truth ... If you rob a
normal person of life's lies, at the same time you'll be robbing
him of his happiness."
From Henrik Ibsen's "Vildanden", "The wild Duck."
e-post: tonni@billy.demon.nl
www: http://www.billy.demon.nl
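
An added example, not part of the message above and not OpenLDAP code: a small model of subtree-scoped access rules showing why the leaf-first DNs (cn=AB,ou=secret,...) need only one rule per branch, while a DN with ou=secret as the leaf RDN is matched by neither branch rule. The rule set, the requester classes, first-match evaluation with a default deny and the cn=XY entry are assumptions for illustration; the dc=cmp,dc=pl suffix on the reversed DN is constructed.

```python
# Added illustration: subtree-scoped, first-match access rules over DNs.
# RULES and the requester classes ("users", "anonymous") are assumptions.

def parse_dn(dn):
    """Split a DN into normalized RDNs, leaf first, keeping escaped commas."""
    rdns, cur, esc = [], "", False
    for ch in dn:
        if esc:                      # character after a backslash is literal
            cur, esc = cur + ch, False
        elif ch == "\\":
            cur, esc = cur + ch, True
        elif ch == ",":              # unescaped comma ends the current RDN
            rdns.append(cur)
            cur = ""
        else:
            cur += ch
    rdns.append(cur)
    return [r.strip().lower() for r in rdns]

def in_subtree(dn, base):
    """True when the RDNs of `base` are the trailing RDNs of `dn`."""
    d, b = parse_dn(dn), parse_dn(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

# One rule per branch of the tree: hidden on the left, open on the right.
RULES = [
    ("ou=secret,dc=cmp,dc=pl", {"users": "read"}),
    ("ou=public,dc=cmp,dc=pl", {"users": "read", "anonymous": "read"}),
]

def access(dn, who):
    """Return the access level from the first rule whose subtree holds dn."""
    for base, grants in RULES:
        if in_subtree(dn, base):
            return grants.get(who, "none")
    return "none"                    # no rule matched: deny

if __name__ == "__main__":
    for dn in ("cn=AB,ou=secret,dc=cmp,dc=pl",
               "mail=ab@cmp.pl,ou=secret,dc=cmp,dc=pl",
               "cn=XY,ou=public,dc=cmp,dc=pl",                 # constructed
               "ou=secret,cn=AB,mail=ab@cmp.pl,dc=cmp,dc=pl"):  # constructed
        print(dn, access(dn, "anonymous"), access(dn, "users"))
```

In the last case even an authenticated user is denied, because the entry sits outside both branches; covering it would take a separate rule for every such entry.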