[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Am I still struggling with ACLs?





--On Monday, July 19, 2004 4:08 PM +0200 Alexandre Garel <garel.alexandre@agora.msa.fr> wrote:

dn: cn=Domain Users,ou=Groups,dc=cougarnet,dc=bible,dc=edu
changetype: modify
add: memberUid
memberUid: JasonStroup

So are you saying I need to write the ACL like this:
access to * by group/posixGroup/memberUid="cn=Domain
Admins,ou=Groups,dc=cougarnet,dc=bible,dc=edu" write



Yes, but I just refer to the documentation since I never use it myself.


What is the default object class that would not require me to do it this way?


'groupOfNames' with attribute 'member' according to http://www.openldap.org/faq/data/cache/452.html

That is correct, and with the member: attribute, it wants the fully qualifed DN of the entity. Quick example:


cn=ldapadmin,dc=stanford,dc=edu
changetype:modify
add:member
member: uid=quanah,cn=accounts,dc=stanford,dc=edu

Says that my account entry is what has access. When I bind to the server, I get mapped to my account entry.

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html