[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ACL syntax for delegating a subdomain to a group
> {0}to attrs=userPassword by self write by anonymous auth by
> dn.children="ou=admins,dc=example,dc=com" write by
> group.exact="cn=cust_support,ou=group,dc=example,dc=com" write by * none
> {1}to dn.subtree="ou=subdomain,ou=People,dc=example,dc=com" by self write by
> dn.children="ou=admins,dc=example,dc=com" write by
> group.exact="cn=cust_support,ou=group,dc=example,dc=com" write by * read
> {2}to * by self write by dn.children="ou=admins,dc=example,dc=com" write by
> * read
>
> I have tried making cn=cust_support,ou=group,dc=example,dc=com both a
> posixGroup, and a groupOfNames. Both of them, when I go to save a new
> users, I get "insufficient access"
>
> If anyone could guide me in the correct direction, it would be greatly
> appreciated..
Hi Brian,
Your best bet is to set up something in your dev environment, if you
haven't already, then for ease switch to a simple slapd.conf testing
your ACLs with slapacl and/or ldapsearch. Once, happy convert the
slapd.conf to a slapd.d setup and reference the right LDIF output to
import/update on your test environment. Then once double happy make
live.
Best way to learn, sorry :-)
--
Kind Regards,
Gavin Henry.
Managing Director.
T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com
Open Source. Open Solutions(tm).
http://www.suretecsystems.com/
Suretec Systems is a limited company registered in Scotland. Registered
number: SC258005. Registered office: 24 Cormack Park, Rothienorman, Inverurie,
Aberdeenshire, AB51 8GL.
Subject to disclaimer at http://www.suretecgroup.com/disclaimer.html
Do you know we have our own VoIP provider called SureVoIP? See
http://www.surevoip.co.uk
Did you see our API news?
http://www.surevoip.co.uk/news-events/surevoip-launches-innovative-api