
Re: dnattr access rule



Mon, 16.08.2004 at 00.09, dju` wrote:

> I need to grant access to an entry (and its children) to another entry 
> of my ldap that is listed in a specific attribute.
> 
> I have:
> 
> cn=foo,ou=people,dc=domain,dc=tld
> 
> This entry has a seeAlso attribute, which contains the DN of a user able 
> to modify it.
> 
> seeAlso: uid=bar,ou=users,dc=domain,dc=tld
> 
> I want to make uid=bar,ou=users able to modify cn=foo,ou=people and able 
> to add children to it. The following access rule doesn't seem to be right:
> 
> access to dn="^.*cn=([^,]+),ou=people,dc=domain,dc=tld$"
> 	by dnattr=seeAlso write
> 	by *	none
> 
> Can you give me help for this please? Thanks for feedback.

You don't state your OL version; ACLs are sometimes different for
different versions. However, you could better make a groupOfNames or
groupOfUniqueNames and give that group write access. Works for me ;)

--Tonni

-- 
My other notebook, a Compaq 700EA, is what my cats jump off my knee and
go and sit on, when they've had enough.

mail: tonye@billy.demon.nl
http://www.billy.demon.nl
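
The group-based approach suggested in the reply, written out as a slapd.conf fragment. This is an added example, not part of the original thread. The group DN `cn=foo-editors,ou=groups,dc=domain,dc=tld` is a hypothetical name, and the fragment assumes a slapd version that accepts the `dn.subtree` and `group.exact` forms.

```conf
# Added example: group DN below is hypothetical, entry DNs are from the thread.
#
# Group entry to load first (LDIF, shown here as comments):
#   dn: cn=foo-editors,ou=groups,dc=domain,dc=tld
#   objectClass: groupOfNames
#   cn: foo-editors
#   member: uid=bar,ou=users,dc=domain,dc=tld
#
# Members of the group get write access to cn=foo and everything below it.
# Write access to the whole entry includes the "children" pseudo-attribute,
# which is what permits adding child entries. "by group" defaults to
# objectClass groupOfNames and attribute member.
access to dn.subtree="cn=foo,ou=people,dc=domain,dc=tld"
	by group.exact="cn=foo-editors,ou=groups,dc=domain,dc=tld" write
	by * none

# Variant for a groupOfUniqueNames group, where the object class and
# membership attribute have to be named explicitly:
#	by group/groupOfUniqueNames/uniqueMember.exact="cn=foo-editors,ou=groups,dc=domain,dc=tld" write
```

slapd applies the first `access to` clause that matches the target entry, so this rule has to appear before any broader rule covering `ou=people,dc=domain,dc=tld`.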