Newbie Question on access control
Hi,
I am going to be moving from the Netscape commercial server to OpenLDAP, and while I have the ACIs in Netscape down pretty well, I'm having a bit of trouble duplicating the access on OpenLDAP.
Right off the bat, I want to grant read access to everybody to those entries in the "ou=people,o=linfield.edu" subtree, but I need to restrict access so that students who have elected to keep directory info private don't have LDAP entries that are generally readable.
Here's the access rule I wrote:
access to dn.subtree="ou=people,o=linfield.edu"
    filter="(&(!(ferpaStatus=Private))(!(entryStatus=Inactive))(ou=Student))"
    by * read
The effect of the access rule, however, is to deny access to all entries. What am I doing wrong?
Thanks,
Rob
--
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR