
Re: Access Control between two domains.



On 18/06/06, Kurt D. Zeilenga <Kurt@openldap.org> wrote:
At 10:33 PM 6/16/2006, Manilal K M wrote:
>Hello all,
>   I have an openldap implementation with a number of domains. Now I
>need to grant access permission to the Global Address Book of two
>domains. For example my first domain is alpha and second domain is
>beta. I want to share the Global Address Book of alpha with beta and
>vice versa. I have made a simple configuration in
>/etc/openldap/slapd.conf. Here is the acl:
>
>access to dn.regex="ou=Global Address Book,o=alpha,o=com,c=US"
>       by dn.regex="uid=(.+),ou=People,o=beta,o=com,c=US" read
>       by * none
>access to dn.regex="ou=Global Address Book,o=beta,o=com,c=US"
>       by dn.regex="uid=(.+),ou=People,o=alpha,o=com,c=US" read
>       by * none

For any target entry matching the above, only the above
apply.  The "by * none" sees to that.

I am a bit confused. Can you explain it?

Regards,
Manilal
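
The evaluation order discussed in this thread, as an added example that is not part of the original messages and not OpenLDAP code: a simplified Python model of first-match ACL evaluation applied to the two directives quoted above. The sample DNs are constructed, `access_level` and `matches` are hypothetical helper names, and the model assumes these two directives are the only ones in the configuration.

```python
import re

# The two directives from the post, as (target regex, [(who regex, level), ...]).
# "by *" is modelled as a regex that matches any bind DN, including the
# empty DN of an anonymous bind.
ACLS = [
    (r"ou=Global Address Book,o=alpha,o=com,c=US",
     [(r"uid=(.+),ou=People,o=beta,o=com,c=US", "read"), (r".*", "none")]),
    (r"ou=Global Address Book,o=beta,o=com,c=US",
     [(r"uid=(.+),ou=People,o=alpha,o=com,c=US", "read"), (r".*", "none")]),
]

def matches(pattern, dn):
    # dn.regex is unanchored, so use search(); case is ignored (assumption of this model)
    return re.search(pattern, dn, re.IGNORECASE) is not None

def access_level(bind_dn, target_dn, acls=ACLS):
    """Return (level, index of the deciding directive or None)."""
    for idx, (what, by_clauses) in enumerate(acls):
        if not matches(what, target_dn):
            continue
        # The first "access to" that matches the target decides;
        # later directives are never consulted for this entry.
        for who, level in by_clauses:
            if matches(who, bind_dn):
                return level, idx
        return "none", idx   # implicit "by * none" at the end of a directive
    return "none", None      # implicit final "access to * by * none"

# Constructed sample DNs
ALPHA_USER = "uid=alice,ou=People,o=alpha,o=com,c=US"
BETA_USER = "uid=bob,ou=People,o=beta,o=com,c=US"
ALPHA_ENTRY = "cn=Some Contact,ou=Global Address Book,o=alpha,o=com,c=US"
BETA_ENTRY = "cn=Other Contact,ou=Global Address Book,o=beta,o=com,c=US"

if __name__ == "__main__":
    for who in (ALPHA_USER, BETA_USER, ""):
        for target in (ALPHA_ENTRY, BETA_ENTRY):
            level, idx = access_level(who, target)
            print(f"{who or '(anonymous)':42} {target:64} {level} (directive {idx})")
```

Under this model a beta user gets `read` on alpha's address book, while an alpha user gets `none` on alpha's own address book, because the `by * none` clause in the first matching directive ends evaluation for that entry.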