Re: Access Control between two domains.
At 12:38 AM 6/19/2006, Manilal K M wrote:
>On 18/06/06, Kurt D. Zeilenga <Kurt@openldap.org> wrote:
>>At 10:33 PM 6/16/2006, Manilal K M wrote:
>>>Hello all,
>>> I have an openldap implementation with a number of domains. Now I
>>>need to grant access permission to the Global Address Book of two
>>>domains. For example my first domain is alpha and second domain is
>>>beta. I want to share the Global Address Book of alpha with beta and
>>>vice versa. I have made a simple configuration in
>>>/etc/openldap/slapd.conf. Here is the acl:
>>>
>>>access to dn.regex="ou=Global Address Book,o=alpha,o=com,c=US"
>>> by dn.regex="uid=(.+),ou=People,o=beta,o=com,c=US" read
>>> by * none
>>>access to dn.regex="ou=Global Address Book,o=beta,o=com,c=US"
>>> by dn.regex="uid=(.+),ou=People,o=alpha,o=com,c=US" read
>>> by * none
>>
>>For any target entry matching the above, only the above
>>apply. The "by * none" sees to that.
>
>I am a bit confused. Can you explain it?

It's explained in the Admin Guide (section 6.3.4), in
slapd.access(5), likely the FAQ, and certainly in the
archives of this list.
Kurt
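
The first-match behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of how slapd picks the first `access to` directive whose target matches and stops at the first matching `by` clause. The function names, the sample DNs and the final catch-all rule are assumptions made for illustration; only `dn.regex` targets, `*` and the default stop control are modelled.

```python
import re

# The two directives quoted in the thread, followed by a hypothetical
# catch-all rule (not from the thread) to show it is never consulted for
# entries that already matched an earlier directive.
ACLS = [
    ("ou=Global Address Book,o=alpha,o=com,c=US", [
        ("uid=(.+),ou=People,o=beta,o=com,c=US", "read"),
        ("*", "none"),
    ]),
    ("ou=Global Address Book,o=beta,o=com,c=US", [
        ("uid=(.+),ou=People,o=alpha,o=com,c=US", "read"),
        ("*", "none"),
    ]),
    (".*", [("*", "read")]),  # hypothetical later rule
]


def matches(pattern, dn):
    """'*' matches anyone; otherwise an unanchored, case-insensitive regex."""
    return pattern == "*" or re.search(pattern, dn, re.IGNORECASE) is not None


def access_level(target_dn, bind_dn, acls=ACLS):
    """Return the access level granted by the first matching directive."""
    for what, by_clauses in acls:
        if not matches(what, target_dn):
            continue
        # Only this directive's "by" clauses apply; later directives are
        # not evaluated for this entry.
        for who, level in by_clauses:
            if matches(who, bind_dn):
                return level
        return "none"  # implicit trailing "by * none"
    return "none"      # no directive matched the target


if __name__ == "__main__":
    entry = "cn=Bob,ou=Global Address Book,o=alpha,o=com,c=US"  # constructed
    for who in ("uid=carol,ou=People,o=beta,o=com,c=US",
                "uid=alice,ou=People,o=alpha,o=com,c=US",
                ""):  # empty bind DN models an anonymous bind
        print(repr(who), "->", access_level(entry, who))
```

Under these two directives, users in o=alpha get no access to their own domain's Global Address Book, because only the beta pattern is listed before `by * none`.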