Re: dnattr access rule
Mon, 16.08.2004 at 00:09, dju` wrote:
> I need to grant access to an entry (and its children) to another entry
> of my ldap that is listed in a specific attribute.
>
> I have:
>
> cn=foo,ou=people,dc=domain,dc=tld
>
> This entry has a seeAlso attribute, which contains the DN of a user able
> to modify it.
>
> seeAlso: uid=bar,ou=users,dc=domain,dc=tld
>
> I want to make uid=bar,ou=users able to modify cn=foo,ou=people and able
> to add children to it. The following access rule doesn't seem to be right:
>
> access to dn="^.*cn=([^,]+),ou=people,dc=domain,dc=tld$"
> by dnattr=seeAlso write
> by * none
>
> Can you give me help for this please? Thanks for feedback.
You don't state your OL version; ACLs are sometimes different for
different versions. However, you would do better to make a groupOfNames or
groupOfUniqueNames and give that group write access. Works for me ;)
--Tonni
--
My other notebook, a Compaq 700EA, is what my cats jump off my knee and
go and sit on, when they've had enough.
mail: tonye@billy.demon.nl
http://www.billy.demon.nl
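
The group-based rule suggested in the reply could look like the following. This is an added example, not configuration posted by either participant. It assumes OpenLDAP 2.2 or later slapd.conf syntax, and the group DN cn=foo-editors,ou=groups,dc=domain,dc=tld is a hypothetical name.

```conf
# Added example; not from the thread. Assumes OpenLDAP 2.2+ slapd.conf syntax.
#
# 1. Group entry (LDIF, load with ldapadd). The group DN is hypothetical;
#    the member value is the user DN from the question.
#
#      dn: cn=foo-editors,ou=groups,dc=domain,dc=tld
#      objectClass: groupOfNames
#      cn: foo-editors
#      member: uid=bar,ou=users,dc=domain,dc=tld
#
# 2. ACL. dn.subtree covers cn=foo itself and everything beneath it.
#    With no "attrs=" clause the rule applies to all attributes, including
#    the "entry" and "children" pseudo-attributes, so group members can
#    modify cn=foo and add entries below it.
#    Continuation lines must begin with whitespace.
access to dn.subtree="cn=foo,ou=people,dc=domain,dc=tld"
    by group.exact="cn=foo-editors,ou=groups,dc=domain,dc=tld" write
    by * none

# "group" checks objectClass groupOfNames and attribute member by default.
# For a groupOfUniqueNames entry, name the class and attribute explicitly:
#
#   by group/groupOfUniqueNames/uniqueMember.exact="cn=foo-editors,ou=groups,dc=domain,dc=tld" write
#
# slapd stops at the first "access to" clause that matches the target, so
# this rule has to appear before any broader rule covering ou=people.
```

The closing "by * none" is kept from the rule in the question; it denies everyone outside the group any access to that subtree, including read.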