[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL group

To: openldap-software@OpenLDAP.org
Subject: Re: ACL group
From: "Alexandre Garel" <garel.alexandre@agora.msa.fr>
Date: Mon, 16 Aug 2004 14:53:14 +0200
In-reply-to: <20040816093250.53605.qmail@web13122.mail.yahoo.com>
References: <20040816093250.53605.qmail@web13122.mail.yahoo.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr-FR; rv:1.5) Gecko/20031007

lucie wermer a écrit :

Hi,

I have a directory in which people are in the branch "ou=People", and groups in the branch "ou=groups". I need an ACL to autorize an entry "uid=manager,dc=org,dc=fr" to access to the entrees that are member of a specific group. Only this entry can access to the entrees from "ou=people" that are in the group "cn=VIP,ou=groups,dc=org,dc=fr"

I hope I am clear enough. Thanks for any help!

It would be easier to make entries have an attribute employeeType (or manager or whichever you want) attribute which would be set to VIP. So your ACL rule would be : access to dn.children="ou=people,dc=org,dc=fr" filter="(employeeType=VIP)" by "uid=manager,dc=org,dc=fr" write by * none

There is the possibility to use groups but that's to specify the who can access entry (and not which entry can be). So that's the contrary of your problem. I am not such an ACL expert , so I don't know if your original request can be satisfied. Alex.

Follow-Ups:
- Re: ACL group
  - From: "Alexandre Garel" <garel.alexandre@agora.msa.fr>

References:
- ACL group
  - From: lucie wermer <luwermer@yahoo.fr>

Prev by Date: Re: ldapmodify
Next by Date: Search filter
Index(es):
- Chronological
- Thread