
Re: ACL group



lucie wermer wrote:

Hi,

I have a directory in which people are in the branch "ou=People", and groups in the branch "ou=groups".
I need an ACL to authorize an entry
"uid=manager,dc=org,dc=fr" to access the entries
that are members of a specific group.
Only this entry can access the entries from
"ou=people" that are in the group
"cn=VIP,ou=groups,dc=org,dc=fr"


I hope I am clear enough.
Thanks for any help!


It would be easier to make entries have an employeeType attribute (or manager or whichever you want) which would be set to VIP. So your ACL rule would be:
access to dn.children="ou=people,dc=org,dc=fr" filter="(employeeType=VIP)"
    by dn.exact="uid=manager,dc=org,dc=fr" write
    by * none


There is the possibility of using groups, but that is to specify who can access an entry (and not which entries can be accessed). So that's the opposite of your problem.
I am not much of an ACL expert, so I don't know if your original request can be satisfied.
Alex.
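
The attribute approach suggested above only protects the entries that actually carry employeeType=VIP, so the tag has to be derived from the group. The following is an added example, not part of the original message: it reads an LDIF export of the VIP group and produces ldapmodify input that tags each member under ou=people. It assumes the group is a groupOfNames with "member" values; the sample LDIF and the uids in it are constructed.

```python
import base64

PEOPLE_BASE = "ou=people,dc=org,dc=fr"  # subtree named in the ACL above

# Constructed sample: ldapsearch-style LDIF of the VIP group (groupOfNames assumed).
SAMPLE_GROUP_LDIF = (
    "dn: cn=VIP,ou=groups,dc=org,dc=fr\n"
    "objectClass: groupOfNames\n"
    "member: uid=alice,ou=People,dc=org,dc=fr\n"
    "member: uid=bob-with-a-rather-long-identifier,ou=People,\n"
    " dc=org,dc=fr\n"  # folded continuation line
    "member:: " + base64.b64encode("uid=rené,ou=People,dc=org,dc=fr".encode()).decode() + "\n"
    "member: uid=manager,dc=org,dc=fr\n"  # outside ou=people, must be skipped
)

def unfold(ldif):
    """Join LDIF continuation lines (a leading space continues the previous line)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def group_members(ldif, attr="member"):
    """Return the member DNs of the group, decoding base64 ("attr:: ") values."""
    members = []
    for line in unfold(ldif):
        name, sep, value = line.partition(":")
        if not sep or name.lower() != attr:
            continue
        if value.startswith(":"):
            value = base64.b64decode(value[1:].strip()).decode("utf-8")
        members.append(value.strip())
    return members

def under_people(dn):
    # Simplified DN comparison: case-insensitive, ignores escaped commas.
    norm = ",".join(part.strip() for part in dn.lower().split(","))
    return norm.endswith("," + PEOPLE_BASE)

def tag_ldif(members, value="VIP"):
    """Emit ldapmodify input; note that replace overwrites existing employeeType values."""
    out = []
    for dn in filter(under_people, members):
        b64 = base64.b64encode(dn.encode()).decode()
        dn_line = f"dn: {dn}" if dn.isascii() else f"dn:: {b64}"
        out.append(f"{dn_line}\nchangetype: modify\nreplace: employeeType\nemployeeType: {value}\n")
    return "\n".join(out)
```

Entries later removed from the group keep employeeType=VIP until it is cleared, so the ACL follows the attribute, not the group membership.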