Re: Am I still struggling with ACLs?

[Quanah Gibson-Mount <quanah@stanford.edu>]

--On Monday, July 19, 2004 4:08 PM +0200 Alexandre Garel 
<garel.alexandre@agora.msa.fr> wrote:

> dn: cn=Domain Users,ou=Groups,dc=cougarnet,dc=bible,dc=edu
> changetype: modify
> add: memberUid
> memberUid: JasonStroup
>
> So are you saying I need to write the ACL like this:
> access to * by group/posixGroup/memberUid="cn=Domain
> Admins,ou=Groups,dc=cougarnet,dc=bible,dc=edu" write
>
>
>
> Yes, but I just refer to the documentation since I never use it myself.
>
>
> What is the default object class that would not require me to do it this
> way?
>
>
> 'groupOfNames' with attribute 'member' according to
> http://www.openldap.org/faq/data/cache/452.html

That is correct, and with the member: attribute, it wants the fully 
qualifed DN of the entity.  Quick example:

cn=ldapadmin,dc=stanford,dc=edu
changetype:modify
add:member
member: uid=quanah,cn=accounts,dc=stanford,dc=edu

Says that my account entry is what has access.  When I bind to the server, 
I get mapped to my account entry.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html