
Re: Access Control between two domains.



At 12:38 AM 6/19/2006, Manilal K M wrote:
>On 18/06/06, Kurt D. Zeilenga <Kurt@openldap.org> wrote:
>>At 10:33 PM 6/16/2006, Manilal K M wrote:
>>>Hello all,
>>>   I have an OpenLDAP implementation with a number of domains. Now I
>>>need to grant access permission to the Global Address Book of two
>>>domains. For example my first domain is alpha and second domain is
>>>beta. I want to share the Global Address Book of alpha with beta and
>>>vice versa. I have made a simple configuration in
>>>/etc/openldap/slapd.conf. Here is the acl:
>>>
>>>access to dn.regex="ou=Global Address Book,o=alpha,o=com,c=US"
>>>       by dn.regex="uid=(.+),ou=People,o=beta,o=com,c=US" read
>>>       by * none
>>>access to dn.regex="ou=Global Address Book,o=beta,o=com,c=US"
>>>       by dn.regex="uid=(.+),ou=People,o=alpha,o=com,c=US" read
>>>       by * none
>>
>>For any target entry matching the above, only the above
>>apply.  The "by * none" sees to that.
>
>I am a bit confused. Can you explain it?

It's explained in the Admin Guide (section 6.3.4), in
slapd.access(5), likely the FAQ, and certainly in the
archives of this list.

Kurt
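
The first-match behaviour described in the reply above, as an added example that is not part of the original thread and is not OpenLDAP code: a simplified Python model of how slapd picks one `access to` clause per target entry and stops at the first matching `by` clause. The sample DNs, the `evaluate` and `matches` helpers, and the treatment of `dn.regex` as an unanchored case-insensitive search are assumptions made for illustration, and the two quoted clauses are assumed to be the whole ACL list.

```python
import re

# The two access clauses quoted in the post, as (what, [(who, level), ...]).
# "*" stands for the "by *" clause, which matches every requester.
ACLS = [
    (r"ou=Global Address Book,o=alpha,o=com,c=US",
     [(r"uid=(.+),ou=People,o=beta,o=com,c=US", "read"), ("*", "none")]),
    (r"ou=Global Address Book,o=beta,o=com,c=US",
     [(r"uid=(.+),ou=People,o=alpha,o=com,c=US", "read"), ("*", "none")]),
]

def matches(pattern, dn):
    # Assumption: dn.regex modelled as an unanchored, case-insensitive search.
    return pattern == "*" or re.search(pattern, dn, re.IGNORECASE) is not None

def evaluate(acls, requester_dn, target_dn):
    """Return (access level, index of the deciding access clause or None)."""
    for index, (what, by_clauses) in enumerate(acls):
        if not matches(what, target_dn):
            continue
        # The first clause whose <what> matches the target is the only one used.
        for who, level in by_clauses:
            if matches(who, requester_dn):
                return level, index  # first matching <who> decides, then stop
        return "none", index         # implicit "by * none" closing each clause
    return "none", None              # implicit "access to * by * none"

# Constructed sample DNs (not taken from the thread).
ALPHA_USER = "uid=alice,ou=People,o=alpha,o=com,c=US"
BETA_USER = "uid=bob,ou=People,o=beta,o=com,c=US"
ALPHA_ENTRY = "cn=Carol,ou=Global Address Book,o=alpha,o=com,c=US"
BETA_ENTRY = "cn=Dave,ou=Global Address Book,o=beta,o=com,c=US"

def report():
    """Evaluate every requester against every target, including anonymous."""
    rows = []
    for who in (ALPHA_USER, BETA_USER, ""):
        for target in (ALPHA_ENTRY, BETA_ENTRY, ALPHA_USER):
            rows.append((who or "(anonymous)", target,
                         evaluate(ACLS, who, target)))
    return rows

if __name__ == "__main__":
    for who, target, (level, clause) in report():
        print(f"{who:45} -> {target:55} {level:5} clause={clause}")
```

In this model a beta user reads alpha's address book, while an alpha user falls through to `by * none` on alpha's own address book, because no later clause is consulted once the target has matched.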