Re: Strange ACL request
I am running into one problem with this. I am getting an object class
violation trying to add the member attribute. Does the member attribute
require DNs of a specific objectClass? I am using person, posixAccount,
and a few others.
On Wed, 2003-04-16 at 19:17, Quanah Gibson-Mount wrote:
> --On Wednesday, April 16, 2003 6:42 PM -0500 Jerry Haltom
> <wasabi@larvalstage.net> wrote:
>
> > Would it be possible to assign an ACL by member of group in LDAP?
> >
> > This seems hard to explain
> >
> > gid=admins,ou=groups,dc=feedbackplusinc,com
> > memberUid: jhaltom
> > memberUid: lburton
> >
> > I would want both uid=jhaltom,ou=users,dc=feedbackplusinc,dc=com as well
> > as the same with lburton to have higher permissions. I don't want to
> > specify these users specifically in the slapd.conf.
> >
> > I was wondering if this kind of regular expression, substitution,
> > whatever, is possible in an OpenLDAP 2.1 ACL?
>
> Yes, although lburton would simply be in an ACL group with higher
> permissions, not in both locations.
>
> We use that right now @ Stanford for our ldapAdmins group.
>
> Something like:
>
> dn: cn=admins,ou=groups,dc=feedbackplusinc,dc=com
> objectClass: groupOfNames
> cn: ldapAdmin
> member: uid=jhaltom,ou=users,dc=feedbackplusinc,dc=com
> <other ldapadmin members>
>
> Then in your slapd.ACL file
>
> access to *
>     by group.base="cn=admins,ou=groups,dc=feedbackplusinc,dc=com" read
>     by * break
>
> --Quanah
>
>
>
> --
> Quanah Gibson-Mount
> Senior Systems Administrator
> ITSS/TSS/Computing Systems
> Stanford University
> GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
>
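
An added example, not part of the original thread: in the standard schemas `member` is allowed by `groupOfNames` (which requires `cn` and at least one `member`), while `posixGroup` carries `memberUid`, so the ACL group in the quoted reply is a separate `groupOfNames` entry. The Python sketch below builds that entry as LDIF from the `memberUid` values shown in the thread; the function names, and the assumption that every user sits directly under `ou=users,dc=feedbackplusinc,dc=com`, are illustrative.

```python
import base64
import re

# Values taken from the thread; everything else here is illustrative.
USERS_BASE = "ou=users,dc=feedbackplusinc,dc=com"
GROUP_DN = "cn=admins,ou=groups,dc=feedbackplusinc,dc=com"


def escape_rdn_value(value):
    """Escape a value for use inside a DN (RFC 4514 special characters)."""
    out = re.sub(r'([,+"\\<>;])', r"\\\1", value)
    if len(value) > 1 and value.endswith(" "):
        out = out[:-1] + "\\ "
    if value.startswith(("#", " ")):
        out = "\\" + out
    return out


def ldif_line(attr, value):
    """Emit 'attr: value', or base64 'attr:: ...' when LDIF requires it."""
    safe = all(32 <= ord(c) < 127 for c in value)
    if safe and not value.startswith((" ", ":", "<")) and not value.endswith(" "):
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(value.encode('utf-8')).decode('ascii')}"


def group_of_names_ldif(group_dn, cn, member_uids, users_base=USERS_BASE):
    """Build a groupOfNames entry whose member values are full user DNs."""
    uids = list(dict.fromkeys(u for u in member_uids if u))  # dedupe, keep order
    if not uids:
        # groupOfNames lists member as a required attribute.
        raise ValueError("groupOfNames needs at least one member")
    lines = [ldif_line("dn", group_dn), "objectClass: groupOfNames",
             ldif_line("cn", cn)]
    for uid in uids:
        lines.append(ldif_line("member", f"uid={escape_rdn_value(uid)},{users_base}"))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # memberUid values as listed in the original question
    print(group_of_names_ldif(GROUP_DN, "admins", ["jhaltom", "lburton"]), end="")
```

The escaping step matters because the member DN is what the `group` ACL clause compares against the bound DN: a uid containing a comma or plus sign that is pasted in unescaped would produce a different DN than the user's real one.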