
group acl permissions



Hi everyone.

I'm trying to get to grips with ACLs on LDAP. Could someone glance over this snippet of config and tell me why my members in 'Account operators' are only being granted read permission to user attributes?

Thanks!


access to dn.base="" by * read
access to dn.base="cn=Subschema" by * read

access to dn.onelevel="ou=Users,dc=student,dc=local" attrs=entry,@extensibleObject
    by set="user/uid & [cn=Account Operators,ou=Groups,dc=student,dc=local]/memberUid" write
    by * read

access to dn.base="ou=Users,dc=student,dc=local" attrs=children
    by set="user/uid & [cn=Account Operators,ou=Groups,dc=student,dc=local]/memberUid" write
    by * read


