
acl's with sub entries



Hi

I've got the following directory structure:

dn: cn=tg1,ou=target,dc=trivadis,dc=com
objectClass: Target
cn: tg1
userPassword: pwtg1
    dn: ou=Roles,cn=tg1,ou=target,dc=trivadis,dc=com
    objectClass: organizationalUnit
    ou: Roles
        dn: cn=Users,ou=Roles,cn=tg1,ou=target,dc=trivadis,dc=com
        objectClass: TargetRole
        cn: Users
    dn: ou=People,cn=tg1,ou=target,dc=trivadis,dc=com
    objectClass: organizationalUnit
    ou: People
        dn: cn=uid1,ou=People,cn=tg1,ou=target,dc=trivadis,dc=com
        objectClass: person
        cn: uid1
        sn: uid1

dn: cn=tg2,ou=target,dc=trivadis,dc=com
objectClass: Target
cn: tg2
userPassword: pwtg2
    dn: ou=Roles,cn=tg2,ou=target,dc=trivadis,dc=com
    objectClass: organizationalUnit
    ou: Roles
        dn: cn=Users,ou=Roles,cn=tg2,ou=target,dc=trivadis,dc=com
        objectClass: TargetRole
        cn: Users
    dn: ou=People,cn=tg2,ou=target,dc=trivadis,dc=com
    objectClass: organizationalUnit
    ou: People
        dn: cn=uid1,ou=People,cn=tg2,ou=target,dc=trivadis,dc=com
        objectClass: person
        cn: uid1
        sn: uid1

I now can authenticate myself on the directory with either:
- cn=tg1,ou=target,dc=trivadis,dc=com  / pwtg1
- cn=tg2,ou=target,dc=trivadis,dc=com  / pwtg2

What I would like to define in my acl is that each bind will give
access to everything under its sub entries but no access to the other
entries. Unfortunately, I have no idea how to do this.

Is this possible and if yes, how?

Bye
Tim
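
One way to express the isolation asked for above, as an added example that is not part of the original post. It assumes the server is OpenLDAP slapd configured through slapd.conf (the post does not name the server) and that `write` is the access level wanted for a Target's own subtree.

```conf
# Added example. Assumption: OpenLDAP slapd, slapd.conf ACL syntax.
# slapd checks "access to" directives in order and stops at the first
# one whose target matches; inside it, the first matching "by" wins.

# 1. userPassword of the Target entries themselves (exactly one RDN
#    below ou=target). Anonymous needs "auth" so the simple bind can be
#    verified; nobody else can read the value.
access to dn.regex="^cn=[^,]+,ou=target,dc=trivadis,dc=com$"
        attrs=userPassword
    by self write
    by anonymous auth
    by * none

# 2. Any entry at or below cn=<name>,ou=target,dc=trivadis,dc=com.
#    $2 captures <name>; the "by" clause rebuilds the DN of the owning
#    Target entry and grants access only to a bind with exactly that DN.
#    A bind as cn=tg2 never matches a cn=tg1 subtree and falls to "none".
access to dn.regex="^(.+,)?cn=([^,]+),ou=target,dc=trivadis,dc=com$"
    by dn.exact,expand="cn=$2,ou=target,dc=trivadis,dc=com" write
    by * none

# 3. Everything outside the Target subtrees is closed explicitly rather
#    than left to the server default.
access to *
    by * none
```

With these rules each bind should use its own Target DN as the search base, because the entries above it (ou=target and the suffix) are not readable. Running slapacl against the finished configuration for both bind DNs confirms that cn=tg1 gets write on its own People and Roles entries and none on those of cn=tg2.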