Re: unknown LDAP result code (-30990): using groups to manage ACL's

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Thursday, January 29, 2004 7:29 PM -0800 Chris Paul 
<chris.paul@sentinare.net> wrote:
> access to attr=shadowLastChange
>     by dn.base="cn=Manager,dc=company,dc=com" write
>     by group.exact="cn=Administrators,dc=company,dc=com" write

Have you tried group.base?

>     by self write
>     by * compare
>
> access to attr=userPassword
>     by self write
>     by anonymous auth
>     by dn.base="cn=Manager,dc=company,dc=com" write
>     by group="cn=Administrators,dc=company,dc=com" write

group.base?

etc...



>     by * compare
>
> access to dn.children="ou=Customers,dc=company,dc=com"
>     by self write
>     by group="cn=Administrators,dc=company,dc=com" write
>     by users read
>     by * read
>
> access to *
>     by self write
>     by dn.base="cn=Manager,dc=company,dc=com" write
>     by users read
>     by * read
>
> thanks,
>
> CP



--
Quanah Gibson-Mount
Principal Software Developer
ITSS/TSS/Computing Systems
ITSS/TSS/Infrastructure Operations
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html