[Date Prev][Date Next] [Chronological] [Thread] [Top]

group acl permissions

To: OpenLDAP-software@OpenLDAP.org
Subject: group acl permissions
From: "John Halfpenny" <jhalfpenny@excite.com>
Date: Thu, 3 Nov 2005 06:43:32 -0500 (EST)

hi everyone.

i'm trying to get to grips with acls on ldap, could someone glance over this snippet of config and tell me why my members in 'Account operators' are only being granted read permission to user attributes? 

thanks!


access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read

access to dn.onelevel="ou=Users,dc=student,dc=local" attrs=entry,@extensibleObject
    by set="user/uid & [cn=Account Operators,ou=Groups,dc=student,dc=local]/memberUid" write
    by * read

access to dn.base="ou=Users,dc=student,dc=local" attrs=children
    by set="user/uid & [cn=Account Operators,ou=Groups,dc=student,dc=local]/memberUid" write
    by * read



_______________________________________________
Join Excite! - http://www.excite.com
The most personalized portal on the Web!

Follow-Ups:
- Re: group acl permissions
  - From: Pierangelo Masarati <ando@sys-net.it>

Prev by Date: Re: malloc: Cannot allocate memory
Next by Date: Re: Need to authenticate non-existent users.
Index(es):
- Chronological
- Thread