
Re: ACL that makes me crazy



> 'llo there :-D
>
> I've a tree like:
>
> ou=login,o=linkas,c=it # This is where I store users
> ou=info,o=linkas,c=it  # This is where I store data
>
> user "myself" should access:  ou=1,ou=info,o=linkas,c=it
> user "himself" should access: ou=2,ou=info,o=linkas,c=it
> user "herself" should access: ou=3,ou=info,o=linkas,c=it
>
> I want each user to be the owner of its own tree, but I don't want them
> to see each other's contents
>
> # This should deny access to anyone, but hey!, keep on reading
> #

Remove this entirely

> access to dn.children="ou=info,o=linkas,c=it"
> 	by users read continue
>          by * none
> #
> # This should allow each user to have access on its own branch
> #

Add "by * none" to each of these

> access to dn.subtree="ou=1,ou=info,o=linkas,c=it"
>          by dn.base="uid=myself,ou=login,o=linkas,c=it" write
		by * none

> access to dn.subtree="ou=2,ou=info,o=linkas,c=it"
>          by dn.base="uid=himself,ou=login,o=linkas,c=it" write
		by * none

> access to dn.subtree="ou=3,ou=info,o=linkas,c=it"
>          by dn.base="uid=herself,ou=login,o=linkas,c=it" write
		by * none
>
>

See what that does for you.
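
The effect of the two changes suggested above can be checked with a small model of how slapd walks its ACL list. This is an added sketch, not part of the original message and not OpenLDAP code; it ignores attribute lists, the rootdn bypass and DN normalization, and the entry name cn=x is constructed for the illustration.

```python
# Simplified model of slapd ACL evaluation (added sketch, not OpenLDAP code):
# only the first "access to" clause matching the entry is used; "continue" tries
# later "by" clauses in it, default "stop" ends. "break" is not modelled.
BASE = "ou=info,o=linkas,c=it"
LOGIN = "ou=login,o=linkas,c=it"
USERS = [(1, "myself"), (2, "himself"), (3, "herself")]

def target_matches(style, target, dn):
    below = dn.endswith("," + target)
    if style == "subtree":               # the entry itself and everything below
        return dn == target or below
    return below                         # "children": strictly below the entry

def who_matches(who, bind_dn):
    if who == "*":
        return True
    if who == "users":                   # any authenticated identity
        return bind_dn is not None
    return who == bind_dn                # dn.base="<dn>"

def evaluate(acl, bind_dn, entry_dn):
    for style, target, by_clauses in acl:
        if not target_matches(style, target, entry_dn):
            continue
        level = "none"                   # implicit trailing "by * none"
        for who, granted, control in by_clauses:
            if who_matches(who, bind_dn):
                level = granted          # a level overwrites the result so far
                if control != "continue":
                    break
        return level                     # later clauses are never consulted
    return "none"                        # implicit final "access to * by * none"

def branch(n, uid, deny_rest):
    by = [(f"uid={uid},{LOGIN}", "write", "stop")]
    if deny_rest:
        by.append(("*", "none", "stop"))
    return ("subtree", f"ou={n},{BASE}", by)

BLANKET = ("children", BASE, [("users", "read", "continue"), ("*", "none", "stop")])
ORIGINAL = [BLANKET] + [branch(n, u, False) for n, u in USERS]
REVISED = [branch(n, u, True) for n, u in USERS]

def access_matrix(acl):
    return {(u, n): evaluate(acl, f"uid={u},{LOGIN}", f"cn=x,ou={n},{BASE}")
            for _, u in USERS for n, _ in USERS}

for name, acl in (("original", ORIGINAL), ("revised", REVISED)):
    print(name, access_matrix(acl))
```

On a real server, the slapacl tool shipped with OpenLDAP answers the same question against the actual slapd.conf.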