[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL that makes me crazy

To: Julien Buratto <kannel@linkas.it>
Subject: Re: ACL that makes me crazy
From: Dusty Doris <openldap@mail.doris.cc>
Date: Fri, 28 Jan 2005 16:01:37 -0500 (EST)
Cc: openldap-software@OpenLDAP.org
In-reply-to: <41FA924D.5000601@linkas.it>
References: <41FA924D.5000601@linkas.it>

> 'llo there :-D
>
> I've a tree like:
>
> ou=login,o=linkas,c=it # This is where I store users
> ou=info,o=linkas,c=it  # This is where I store data
>
> user "myself" should access:  ou=1,ou=info,o=linkas,c=it
> user "himself" should access: ou=2,ou=info,o=linkas,c=it
> user "herself" should access: ou=3,ou=info,o=linkas,c=it
>
> I want each user be owner of its own tree but I don't want each other
> see other's contents
>
> # This should deny access to anyone, but hey!, keep on reading
> #

Remove this entirely

> access to dn.children="ou=info,o=linkas,c=it"
> 	by users read continue
>          by * none
> #
> # This should allow each user to have access on its own branch
> #

add by * none to each of these

> access to dn.subtree="ou=1,ou=info,o=linkas,c=it"
>          by dn.base="uid=myself,ou=login,o=linkas,c=it" write
		by * none

> access to dn.subtree="ou=2,ou=info,o=linkas,c=it"
>          by dn.base="uid=himself,ou=login,o=linkas,c=it" write
		by * none

> access to dn.subtree="ou=3,ou=info,o=linkas,c=it"
>          by dn.base="uid=herself,ou=login,o=linkas,c=it" write
		by * none
>
>

See what that does for you.

Follow-Ups:
- Re: ACL that makes me crazy
  - From: Linkas <Kannel@linkas.it>

References:
- ACL that makes me crazy
  - From: Julien Buratto <kannel@linkas.it>

Prev by Date: Re: Multimaster Replication
Next by Date: Re: Using Password-hash to create secure passwords..
Index(es):
- Chronological
- Thread