
Access Control between two domains.
Hello all,
   I have an OpenLDAP implementation with a number of domains. Now I
need to grant access permission to the Global Address Book of two
domains. For example my first domain is alpha and second domain is
beta. I want to share the Global Address Book of alpha with beta and
vice versa. I have made a simple configuration in
/etc/openldap/slapd.conf. Here is the ACL:

access to dn.regex="ou=Global Address Book,o=alpha,o=com,c=US"
       by dn.regex="uid=(.+),ou=People,o=beta,o=com,c=US" read
       by * none
access to dn.regex="ou=Global Address Book,o=beta,o=com,c=US"
       by dn.regex="uid=(.+),ou=People,o=alpha,o=com,c=US" read
       by * none
#####This is the default permission
access to dn.regex="ou=Global Address Book,o=(.+),o=(.+),c=US"
       by dn.regex=".+@$1\.$2" write
       by * none
##################################################
access to dn.regex="ou=(.+),ou=Personal Address Book,o=(.+),o=(.+),c=US"
       by dn.regex="$1" write
       by * none
access to dn.regex="uid=(.+),ou=People,o=(.+),o=(.+),c=US"
       by self write
       by peername="127\.0\.0\.1" read
       by anonymous auth
       by * none
access to dn="cn=subschema"
       by * read

When I comment out the default permission it works, but if I uncomment
it the sharing won't work. Does the above configuration make sense?

regards
Manilal


-- I would rather be a serf in a poor man's house and be above ground than reign among the dead
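An added example, not part of the post above: a small Python model of how slapd selects an ACL (the first `access to` whose dn.regex matches the target entry wins, then the first matching `by` clause inside it), run over the posted rules so you can see which rule answers for each requester. The bind DNs (uid values of the form user@domain) and the outcome for a target no rule matches are constructed assumptions of this model, not anything the post states.

```python
import re

# slapd access levels from weakest to strongest; a grant implies every lower level.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# The post's ACL, as (what dn.regex, [(who kind, who pattern, level), ...]).
# Kinds cover the by-clause forms used in the post: dn (dn.regex), self, anonymous, star (*).
ACL = [
    ("ou=Global Address Book,o=alpha,o=com,c=US",
     [("dn", r"uid=(.+),ou=People,o=beta,o=com,c=US", "read"), ("star", None, "none")]),
    ("ou=Global Address Book,o=beta,o=com,c=US",
     [("dn", r"uid=(.+),ou=People,o=alpha,o=com,c=US", "read"), ("star", None, "none")]),
    # the "default permission" rule the poster comments in and out
    ("ou=Global Address Book,o=(.+),o=(.+),c=US",
     [("dn", r".+@$1\.$2", "write"), ("star", None, "none")]),
    ("uid=(.+),ou=People,o=(.+),o=(.+),c=US",
     [("self", None, "write"), ("anonymous", None, "auth"), ("star", None, "none")]),
]

def expand(pattern, what_match):
    """Replace $1..$9 in a by-clause pattern with the groups the what-clause captured."""
    return re.sub(r"\$(\d)", lambda m: what_match.group(int(m.group(1))), pattern)

def who_matches(kind, arg, what_match, target, bind_dn):
    """bind_dn == "" stands for an anonymous bind."""
    if kind == "star":
        return True
    if kind == "anonymous":
        return bind_dn == ""
    if kind == "self":
        return bind_dn != "" and bind_dn == target
    # kind == "dn": dn.regex is not anchored unless the pattern says ^...$, hence re.search
    return bind_dn != "" and re.search(expand(arg, what_match), bind_dn) is not None

def evaluate(acl, target, bind_dn):
    """The first what-clause matching the target is used and later rules are never
    consulted; inside it the first matching by-clause decides. Returns (rule index, level)."""
    for i, (what, bys) in enumerate(acl):
        m = re.search(what, target)
        if m:
            for kind, arg, level in bys:
                if who_matches(kind, arg, m, target, bind_dn):
                    return i, level
            return i, "none"  # every rule in the post ends in "by * none", so never reached
    return None, "none"  # no rule matched: constructed default for this model

def has_access(acl, target, bind_dn, needed):
    """True if the granted level is at least `needed` (e.g. write satisfies read)."""
    _, granted = evaluate(acl, target, bind_dn)
    return LEVELS.index(granted) >= LEVELS.index(needed)
```

Running `evaluate(ACL, alpha_gab, alpha_user)` shows rule 0 answering with `none` for alpha's own users, because the default rule further down is never consulted once an earlier what-clause has matched; `evaluate(ACL[2:], ...)` shows the default rule alone granting them write.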