[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Subadmins using Groups ?

To: Carsten Zerbst <carsten.zerbst@atlantec-es.com>
Subject: Re: Subadmins using Groups ?
From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>
Date: Wed, 14 Apr 2004 16:02:54 -0700
Cc: "OpenLDAP-software@OpenLDAP.org" <OpenLDAP-software@OpenLDAP.org>
In-reply-to: <1081977853.2340.108.camel@digitus.olymp>
References: <1081977853.2340.108.camel@digitus.olymp>

See http://www.openldap.org/faq/index.cgi?file=52

At 02:24 PM 4/14/2004, Carsten Zerbst wrote:
>Hello,
>
>I try to define subadmins in Organizations, something like
>
>dc=shincos.de
>        o=MTW
>        cn=Joe Superuser
>        cn=admin (uniqueMember= cn=Joe Superuser,o=MTW,dc=shincos.de)
>
>
>where Joe Superuser should be able to create and modify 
>entries below o=MTW.
>
>My acl says
>
>access to dn.regex="(.+),o=([^,]+),dc=shincos.de$"
>           attrs=children,entry,uid
>      by groupOfUniqueNames.regex="^cn=admin,o=$2,dc=shincos.de$" write
>      by users read
>
>but I could not edit the uid attribute on other users. If I
>remove the attrs line, I'm not even able to login in as
>Joe Superuser.
>
>Any hints ?
>
>Carsten 
>
>        
>-- 
>Carsten Zerbst <carsten.zerbst@atlantec-es.com>

References:
- Subadmins using Groups ?
  - From: Carsten Zerbst <carsten.zerbst@atlantec-es.com>

Prev by Date: Re: Filter...
Next by Date: Re: MAC OS X clients and OpenLDAP
Index(es):
- Chronological
- Thread