
Access Control Tip



Hello,

I would like to ask for some help implementing the following access rule;
it's simple:

o=top
   |
   |-------------------------|--------------------------|
ou=sales                  ou=mkt                     ou=...

This is a customer's tree, and he doesn't centralize users under a node like
ou=people. Instead, there are uids under ou=sales, ou=mkt, ou=...

He needs the following access rule:

"Allow users to write to their own organizational unit children, and read
from all others"

I thought about writing the rule like this, but I don't know if it's
possible.

# $1 would assume the value of the specific ou.
access to dn.subtree="ou=.*,o=top"
                by dn.children="ou=$1,o=top" write

access to dn.children="o=top"
                by * read

Any help would be appreciated. Thanks!

Luiz Ernesto Pinheiro Malère
luiz.malere@eversystems.com
55 11 3759-8118
_________________________________________
EverSystems | The Next Generation Systems
São Paulo     www.eversystems.com
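
One way to express the rule asked about above in slapd.conf, added here as an example and not part of the original message. It assumes OpenLDAP 2.x ACL syntax as documented in slapd.access(5) and that user entries are named uid=<name>,ou=<unit>,o=top.

```conf
# Added example; assumes user DNs of the form uid=<name>,ou=<unit>,o=top.
# slapd uses the first "access to" clause whose <what> matches, and within
# it the first matching "by" clause, so every clause carries its own read
# fallback instead of relying on a later clause.

# Entries below any ou (not the ou entry itself). $1 captures the unit name.
# In the <who> regex, "$1" expands to that capture and "$$" is a literal "$",
# i.e. the end-of-string anchor.
access to dn.regex="^.+,ou=([^,]+),o=top$"
        by dn.regex="^uid=[^,]+,ou=$1,o=top$$" write
        by * read

# The ou entries: adding or deleting a child entry needs write access to the
# parent's "children" pseudo-attribute, granted here to users of the same ou.
access to dn.regex="^ou=([^,]+),o=top$" attrs=children
        by dn.regex="^uid=[^,]+,ou=$1,o=top$$" write
        by * read

# Everything else under o=top, including the other attributes of the ou
# entries: read only.
access to dn.subtree="o=top"
        by * read
```

As in the rule from the message, `by * read` also applies to anonymous binds and to attributes such as userPassword; a narrower clause for those attributes has to come before these to take effect.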