ldap acl question

Dear all,

I've got a little ACL problem with openldap 2.2. My ldap tree is very simple, like this:

dc=example,dc=tld
 +ou=A,dc=example,dc=tld
  +cn=postmaster,ou=A,dc=example,dc=tld
  +cn=user1,ou=A,dc=example,dc=tld
  +cn=user2,ou=A,dc=example,dc=tld
  +....
 +ou=B,dc=example,dc=tld
  +cn=postmaster,ou=B,dc=example,dc=tld
  +cn=user1,ou=B,dc=example,dc=tld
  +cn=user2,ou=B,dc=example,dc=tld
  +....
 +....

I want to set an ACL that allows:

- the postmaster can write all attributes, but only in his own OU

- when the postmaster binds to the LDAP server, he sees only his own OU as a "root DN" (like an "LDAP jail" :) )

Thanks for your help, and sorry for my bad English,

Best Regards,

Thomas
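One way to express the two requirements as slapd.conf access directives, added here as an example; it is not part of Thomas's post and not taken from the OpenLDAP documentation. It assumes the suffix dc=example,dc=tld from the tree above, that every OU's administrator is the entry cn=postmaster directly under that OU, and that the slapd in use supports $n submatch substitution from the "to" regex inside a "by dn.regex" clause (documented in slapd.access(5); check the man page of the installed version). On the second requirement: an ACL can hide the other OUs from a postmaster, but it does not rebase the tree the client sees. The postmaster still has to use his own OU (or the suffix) as the search base, and entries outside that OU are simply not returned.

```conf
# Added example for the tree in the post above (not from the original post).
# Assumptions: suffix dc=example,dc=tld; each OU's admin entry is
# cn=postmaster,ou=<OU>,dc=example,dc=tld.
# slapd evaluates "access to" directives in order and applies the first one
# whose target matches the entry, and within a directive the first matching
# "by" clause wins. Both orders matter.

# Rule 1: the suffix entry itself. Any authenticated identity may read it so
# that it can serve as a search base; what lies below is governed by rule 2.
access to dn.base="dc=example,dc=tld"
    by users read
    by * none

# Rule 2: an OU entry and everything underneath it.
#   (.+,)?   any RDNs in front of the OU (empty for the OU entry itself)
#   ([^,]+)  the OU name, captured as $2 for the "by" clauses
# The postmaster of that same OU gets write on every attribute (no attrs
# list, so the entry and children pseudo-attributes are included, which
# permits add and delete). Anonymous clients get only "auth" so that simple
# binds still work. Every other identity, including the postmaster of another
# OU, gets nothing; that is what makes the other OUs invisible.
access to dn.regex="^(.+,)?ou=([^,]+),dc=example,dc=tld$"
    by dn.regex="^cn=postmaster,ou=$2,dc=example,dc=tld$" write
    by anonymous auth
    by * none

# Anything the rules above did not match (there should be nothing else in
# this tree): deny.
access to *
    by * none
```

To check the result, bind as cn=postmaster,ou=A,dc=example,dc=tld and run a subtree search with base dc=example,dc=tld: the suffix entry and the ou=A subtree should come back, ou=B should not, and a modify against an entry under ou=B should be refused with insufficient access. Note that cn=user1 and friends get no read access at all under these rules; if ordinary users need to read their own entries, a "by self read" clause goes into rule 2 ahead of "by * none".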