Re: Openldap fine grained / advanced ACLs
Faraz R. Khan wrote:
> So basically I can do:
> to * by cn=admin,dc=company,dc=com add by cn=faraz,dc=company,dc=com zap
> That is indeed not documented anywhere. Will start an ITS
Not exactly like that, but sort of:
access to *
    by "cn=admin,dc=company,dc=com" "=a"
    by "cn=faraz,dc=company,dc=com" "=z"
If those identities need further privileges (e.g. search or so) they
must be explicitly listed, namely
access to *
    by "cn=admin,dc=company,dc=com" "=dxcsra"
    by "cn=faraz,dc=company,dc=com" "=dxcsrz"
See slapd.access(5) for details about the syntax and the meaning of each
symbol.
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Email: ando@sys-net.it
-----------------------------------
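
Added example, not part of the original message and not OpenLDAP code: a small Python interpreter for the `<access>` field as slapd.access(5) describes it, showing that "=a" leaves only add while "=dxcsra" also keeps search and read. The names `parse_access` and `describe` are hypothetical, and the `self`/`realself` prefixes are not handled.

```python
# Added illustration: interprets the <access> field per slapd.access(5).
# parse_access and describe are hypothetical names, not OpenLDAP APIs.
NAMES = {"d": "disclose", "x": "auth", "c": "compare", "s": "search",
         "r": "read", "a": "add", "z": "delete", "m": "manage"}

# Level keywords are cumulative: each implies all the preceding ones.
LEVELS = {"none": "", "disclose": "d", "auth": "dx", "compare": "dxc",
          "search": "dxcs", "read": "dxcsr", "add": "dxcsra",
          "delete": "dxcsrz", "write": "dxcsraz", "manage": "dxcsrazm"}


def parse_access(spec, current=frozenset()):
    """Return the privilege letters in effect after one <access> field.

    current: privileges from earlier clauses; only '+' and '-' use it.
    """
    if spec in LEVELS:
        return frozenset(LEVELS[spec])
    if len(spec) < 2 or spec[0] not in "=+-":
        raise ValueError(f"not a level or privilege spec: {spec!r}")
    mode, letters = spec[0], spec[1:]
    privs = set()
    if letters != "0":                    # "0" means no privileges
        for ch in letters:
            if ch == "w":                 # write is add plus delete
                privs |= {"a", "z"}
            elif ch in NAMES:
                privs.add(ch)
            else:
                raise ValueError(f"unknown privilege {ch!r} in {spec!r}")
    if mode == "=":                       # reset: only what is listed
        return frozenset(privs)
    if mode == "+":
        return frozenset(current | privs)
    return frozenset(current - privs)


def describe(spec, current=frozenset()):
    """Privilege names granted by spec, in the man page's order."""
    granted = parse_access(spec, current)
    return [NAMES[ch] for ch in "dxcsrazm" if ch in granted]


if __name__ == "__main__":
    # The four specs from the message above.
    for spec in ("=a", "=z", "=dxcsra", "=dxcsrz"):
        print(f"{spec:8} -> {', '.join(describe(spec))}")
```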