[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: multiple conditions in ACL

To: DEVRIENDT ERIK <erik.devriendt@siemens.com>
Subject: Re: multiple conditions in ACL
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Thu, 18 Dec 2003 12:35:44 -0800
Cc: openldap-software@OpenLDAP.org
In-reply-to: <6B5EC7714F68974C9313EB2C24D8CD5A034669E0@brub002a.siemens. be>
References: <6B5EC7714F68974C9313EB2C24D8CD5A034669E0@brub002a.siemens.be>

At 05:04 AM 12/17/2003, DEVRIENDT ERIK wrote:
>Hi,
>
>(I forgot to give a descriptive Subject in a previous atempt, so I try
>again.
> Sorry for that).
>
>I want to give write access to a group object 'g1' (groupOfUniqueNames)
>only to people that are member of that group AND are member of
>another group 'admin'.
>How do I formulate that in an ACL ?

(of the cuff...)

access to dn.base="ou=gl,dc=example,dc=com"
  by group/groupOfUniqueNames/uniqueMember.exact="ou=gl,dc=example,dc=com" break
  by * none

access to dn.base="ou=gl,dc=example,dc=com"
  by groupgroupOfUniqueNames/uniqueMember.exact="ou=admin,dc=example,dc=com" write
  by * none


>Erik Devriendt
>Project Engineer
>
>Siemens n.v./s.a. 
>EIT-ES5
>Tel. ++32 2-536.48.56 
>Fax ++32 2-536.28.80 
>
>mailto:Erik.Devriendt@siemens.com
>http://www.siemens.be

Follow-Ups:
- Re: multiple conditions in ACL
  - From: Ace Suares <ace@suares.nl>

References:
- multiple conditions in ACL
  - From: DEVRIENDT ERIK <erik.devriendt@siemens.com>

Prev by Date: Re: Trying to force password change in SuSE Linux, pam_ldap, openldap 2.1
Next by Date: Re: no structuralObject in entry?
Index(es):
- Chronological
- Thread