Re: acl issue
On Wed, Dec 19, 2012 at 04:39:50PM +0530, anil beniwal wrote:
> The first one is working fine; the 2nd one is not allowing write access to the
> Vpwrite user.
The second ACI is for Vwrite and Vread, not Vpwrite...
> The scenario is that we want to delegate read access to all the attributes to
> one user and write access to all the attributes to another user.
>
> This is for login.
>
> access to attrs=userPassword
>     by self write
>     by dn="cn=Vpwrite,ou=businessUsersGroup,dc=example,dc=com" write
>     by dn="cn=Vpread,ou=businessUsersGroup,dc=example,dc=com" read
>     by anonymous auth
>     by * break
You may not want that 'by * break' clause.
It will allow both Vread and Vwrite to access the password
attribute.
> Read/Write access
>
> access to *
>     by dn="cn=Vwrite,ou=businessUsersGroup,dc=example,dc=com" write
>     by dn="cn=Vread,ou=businessUsersGroup,dc=example,dc=com" read
>     by * none
Did you really intend to have four users here, or just two?
Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------
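
The fall-through that the reply warns about can be checked with a small model of how slapd walks these two directives. This is an added example, not part of the original post and not OpenLDAP code; it assumes the directives are loaded in the order quoted, and it models only exact-DN, self, anonymous and * subjects with the stop and break controls.

```python
# Simplified model of slapd ACL evaluation (added illustration, not OpenLDAP code).
# Covers only what this thread uses: attrs=<name> or * targets, exact-DN / self /
# anonymous / * subjects, and the "stop" (default) and "break" controls.
BASE = "ou=businessUsersGroup,dc=example,dc=com"
VWRITE, VREAD = f"cn=Vwrite,{BASE}", f"cn=Vread,{BASE}"
VPWRITE, VPREAD = f"cn=Vpwrite,{BASE}", f"cn=Vpread,{BASE}"

def pw_rule(last_clause):
    """The userPassword directive from the post, with a chosen final clause."""
    return ("userPassword", [("self", "write", "stop"),
                             (VPWRITE, "write", "stop"),
                             (VPREAD, "read", "stop"),
                             ("anonymous", "auth", "stop"),
                             last_clause])

ALL_RULE = ("*", [(VWRITE, "write", "stop"),
                  (VREAD, "read", "stop"),
                  ("*", "none", "stop")])

AS_POSTED = [pw_rule(("*", None, "break")), ALL_RULE]   # ends with: by * break
TIGHTENED = [pw_rule(("*", "none", "stop")), ALL_RULE]  # ends with: by * none

def who_matches(who, requester, entry_dn):
    if who == "*":
        return True
    if who == "self":
        return requester is not None and requester == entry_dn
    if who == "anonymous":
        return requester is None
    return who == requester

def access(acl, requester, entry_dn, attr):
    """Level granted to requester (None = anonymous) on one attribute of entry_dn."""
    granted = "none"
    for what, clauses in acl:
        if what not in ("*", attr):
            continue                      # directive does not cover this attribute
        for who, level, control in clauses:
            if who_matches(who, requester, entry_dn):
                if level is not None:     # a bare "break" grants nothing itself
                    granted = level
                if control == "stop":
                    return granted
                break                     # "break": move on to the next directive
        else:
            return "none"                 # implicit "by * none stop"
    return "none"                         # implicit final "access to * by * none"
```

Calling `access(AS_POSTED, VWRITE, <entry DN>, "userPassword")` returns `"write"`, while the same call against `TIGHTENED` returns `"none"`; Vpwrite gets `"none"` on any attribute other than userPassword in both variants, because it appears only in the first directive.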