
Re: ACL and ACI define problem



Have you considered setting up a groupOfNames for each section admin group?

dn: ou=sectionAuth,dc=example,dc=com
objectClass: top
objectClass: organizationalUnit
ou: sectionAuth

dn: cn=section1Admins,ou=sectionAuth,dc=example,dc=com
objectClass: top
objectClass: groupOfNames
cn: section1Admins
member: uid=user1,ou=People,dc=example,dc=com
member: uid=user2,ou=People,dc=example,dc=com
member: uid=user3,ou=People,dc=example,dc=com

And then

access to * filter=(sectionField=section1)
   by group.exact="cn=section1Admins,ou=sectionAuth,dc=example,dc=com" write


Carlos Lozano wrote:

Hello,
I am having problems defining an ACL or ACI. My tree looks like:
* cn=user1,ou=users, ...
sectionfield=section1
adminfield=
* cn=user2,ou=users, ...
sectionfield=section1
adminfield=section1
I need an ACL that makes this possible:
if (userA.adminfield == userB.sectionfield) {
    userA will have write permission on userB's info.
}
Is it possible?
Many thanks,
Regards,
Carlos.
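
An added example, not part of either message above: a Python sketch that turns the adminfield/sectionfield model from the question into the per-section groupOfNames entries and ACL clauses suggested in the reply. The function names, the sample entries and the trailing "by * break" line are assumptions made for this illustration; member DNs are assumed to be plain ASCII.

```python
import re
from collections import defaultdict

BASE = "dc=example,dc=com"
GROUP_OU = "ou=sectionAuth," + BASE
# Section names end up in a DN, a search filter and slapd's configuration,
# so accept only a conservative character set instead of escaping three ways.
SAFE_SECTION = re.compile(r"[A-Za-z0-9_-]+")

# Constructed sample entries (not real data): DN -> attribute values.
USERS = {
    "uid=user1,ou=People," + BASE: {"sectionfield": ["section1"], "adminfield": []},
    "uid=user2,ou=People," + BASE: {"sectionfield": ["section1"], "adminfield": ["section1"]},
    "uid=user3,ou=People," + BASE: {"sectionfield": ["section2"],
                                    "adminfield": ["section1", "section2"]},
    "uid=user4,ou=People," + BASE: {"sectionfield": ["section3"], "adminfield": [""]},
}

def admins_by_section(users):
    """Map each section to the sorted DNs whose adminfield names it."""
    groups = defaultdict(list)
    for dn in sorted(users):
        for section in users[dn].get("adminfield", []):
            if not section:  # empty adminfield: this user administers nothing
                continue
            if not SAFE_SECTION.fullmatch(section):
                raise ValueError(f"unsafe section name: {section!r}")
            groups[section].append(dn)
    return dict(groups)

def render(users):
    """Return (ldif, acl) text for every section that has at least one admin."""
    ldif, acl = [], []
    for section, members in sorted(admins_by_section(users).items()):
        group_dn = f"cn={section}Admins,{GROUP_OU}"
        # groupOfNames requires at least one member, so a section with no
        # admins never reaches this point and gets no group entry.
        ldif.append("\n".join(
            [f"dn: {group_dn}", "objectClass: top", "objectClass: groupOfNames",
             f"cn: {section}Admins"] + [f"member: {m}" for m in members]))
        # "by * break" (added here, not in the post) hands everyone else to
        # later access clauses instead of the implicit "by * none".
        acl.append(f"access to * filter=(sectionField={section})\n"
                   f'   by group.exact="{group_dn}" write\n'
                   f"   by * break")
    return "\n\n".join(ldif) + "\n", "\n".join(acl) + "\n"

if __name__ == "__main__":
    for text in render(USERS):
        print(text)
```

The groups and clauses have to be regenerated whenever an adminfield value changes, since the ACL now reads group membership rather than the attribute itself.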