[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
ACL Madness cured
For those that helped me earlier I thought I would post the ACL that
finally does what I wanted. Thanks to all who responded.
To recap, I wanted a bound user to be able to create, destroy and
maintain any child record. But I did not want anyone else except the
root to be able to see them etc.( private address lists for users )
Here is the winner:
access to dn="(.*),(uid=.*,ou=users,ou=People,dc=home,dc=com)"
by anonymous auth
by dn="$2" write
Here is the answer in the FAQ-O-MATIC:
access to dn=".*,(uid=.*,o=Company)"
by dn="$1" write
by anonymous auth
In order to make this work the parentheses around the first wild card
needed to be added. The anonymous auth needed to be raised one level to
exclude anonymous viewing and the $1 needed to be changed to $2.
I included this post so others would not have to go through what I did
to get this to work. The FAQ is wrong as near as I can tell. Or maybe it
was trying to do something else, I don't know anymore but this seems to
work well.
FWIW - I hope it helps,
--
Tom
***********************************************
A computer once beat me at chess...
But, as it turns out, it was no match for me at kick boxing.