[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: unknown LDAP result code (-30990): using groups to manage ACL's





--On Thursday, January 29, 2004 7:29 PM -0800 Chris Paul <chris.paul@sentinare.net> wrote:
access to attr=shadowLastChange
    by dn.base="cn=Manager,dc=company,dc=com" write
    by group.exact="cn=Administrators,dc=company,dc=com" write

Have you tried group.base?

    by self write
    by * compare

access to attr=userPassword
    by self write
    by anonymous auth
    by dn.base="cn=Manager,dc=company,dc=com" write
    by group="cn=Administrators,dc=company,dc=com" write

group.base?

etc...



    by * compare

access to dn.children="ou=Customers,dc=company,dc=com"
    by self write
    by group="cn=Administrators,dc=company,dc=com" write
    by users read
    by * read

access to *
    by self write
    by dn.base="cn=Manager,dc=company,dc=com" write
    by users read
    by * read

thanks,

CP




-- Quanah Gibson-Mount Principal Software Developer ITSS/TSS/Computing Systems ITSS/TSS/Infrastructure Operations Stanford University GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html