I've this estructure
dc=empresa,dc=com
|
Dep1
|
|---------User1
|---------User11
Dep2
|
|---------User2
|---------User22
Dep3
|
|---------User3
|---------User33
I want that User1 and User11 (users under Dep1) can only access to Dep1,
User1 and User11 data. --> Dep1 Subtree
I want that User2 and User22 (users under Dep2) can only access to Dep2,
User2 and User22 data. --> Dep2 Subtree
I want that User3 and User33 (users under Dep3) can only access to Dep3,
User3 and User33 data. --> Dep3 Subtree
It's correct this ACL? Can't be more simple?
#DEP1 ONLY ACCESS TO DEP1
access to dn.subtree="ou=Dep1,dc=empresa,dc=com"
by dn.children="ou=Dep1,dc=empresa,dc=com" read
by anonymous auth
by * none
#DEP2 ONLY ACCESS TO DEP2
access to dn.subtree="ou=Dep2,dc=empresa,dc=com"
by dn.children="ou=Dep2,dc=empresa,dc=com" read
by anonymous auth
by * none
#DEP3 ONLY ACCESS TO DEP3
access to dn.subtree="ou=Dep3,dc=empresa,dc=com"
by dn.children="ou=Dep3,dc=empresa,dc=com" read
by anonymous auth
by * none
#ADMIN
access to *
by dn="cn=admin,dc=empresa,dc=com" write
by anonymous auth
by * none
Thanks and bye.