Re: I need some help w/ACLs
Rob Tanner <rtanner@linfield.edu> writes:
> We maintain email lists on LDAP for every course section offered at the
> college, and I am moving it from a Netscape Server to OpenLDAP. The LDAP
> structure is a hierarchy of many branches. Basically, a course list entry DN
> for a course section in computer science, looks like this:
>
> uid=2004FA-CSC12001,ou=csc,ou=classlists,o=linfield.edu
>
> The actual entry is in the computer science hierarchy (ou=csc) and the
> computer science hierarchy is in the class lists hierarchy (ou=classlists). I
> need to set up ACLs in OpenLDAP that are functionally equivalent to those in
> the Netscape Server.
>
> The actual courselist entry has an owner attribute containing one or more
> DNs. These are the faculty who need to be able to view and modify the entry.
> That's straightforward enough and not a problem. However, each subject
> hierarchy entry (DN: ou=<subject>,ou=classlists,o=linfield.edu) has a
> uniquemember attribute containing the DNs of those who can view and modify any
> entry in that particular hierarchy. And the classlists hierarchy (DN:
> ou=classlists,o=linfield.edu) has a uniquemember attribute containing the DNs
> of those who can view and modify any courselist entry.
>
> I'm not at all sure how to set up the ACLs to accomplish that access. Does
> anybody have any guides, or maybe done something similar you'd be willing to
> share?
This sounds as if 'set' may meet your requirements:
http://www.openldap.org/faq/data/cache/1133.html
http://www.openldap.org/faq/data/cache/1134.html
-Dieter
--
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:01443B53
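
An added example, not part of the original thread: one way the three rules from the question could be written with set-based ACLs in slapd.conf. It assumes an OpenLDAP release whose slapd.access(5) lists the `set.expand` style, and that nobody outside those three groups should have access; the DNs are the ones given in the question.

```conf
# Added example for slapd.conf; not from the original thread.
# Applies to uid=<section>,ou=<subject>,ou=classlists,o=linfield.edu entries.
# $1 is the DN of the subject container captured by the regex.
# Clause 1: DNs in the entry's own owner attribute.
# Clause 2: DNs in uniqueMember of the subject container (e.g. ou=csc).
# Clause 3: DNs in uniqueMember of ou=classlists.
# Clause 4 (assumption): everyone else gets no access.
# Comments stay above the directive because slapd joins continuation
# lines before it strips comments.
access to dn.regex="^uid=[^,]+,(ou=[^,]+,ou=classlists,o=linfield.edu)$"
    by set="this/owner & user" write
    by set.expand="[$1]/uniqueMember & user" write
    by set="[ou=classlists,o=linfield.edu]/uniqueMember & user" write
    by * none
```

slapd stops at the first `by` clause that matches, and `write` includes read, so a DN found in any of the three attributes can both view and modify the entry.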