[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Usage of groups in an access control

To: Marco de Booij <marco.maillist@debooy.eu>
Subject: Re: Usage of groups in an access control
From: Michael Ströder <michael@stroeder.com>
Date: Sun, 27 Jan 2013 13:10:09 +0100
Cc: openldap-technical@openldap.org
In-reply-to: <51050765.6080600@debooy.eu>
References: <51050765.6080600@debooy.eu>
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:18.0) Gecko/20100101 Firefox/18.0 SeaMonkey/2.15.1

Marco de Booij wrote:
> access to dn.children="ou=abk1,ou=Addressbooks,dc=example,dc=com"
>         by dn="cn=admin,dc=example,dc=com" write
>         by groupOfNames="cn=abk-admin,ou=Roles,dc=example,dc=com" write
>         by groupOfNames="cn=abk-user,ou=Roles,dc=example,dc=com" read
>         by * none

You should probably read the slapd.access(5) man page more throroughly.

Also the pages in the FAQ-O-MATIC are a good entry point:
http://www.openldap.org/faq/data/cache/189.html

In particular for group-based ACL:
http://www.openldap.org/faq/data/cache/52.html

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

Follow-Ups:
- Re: Usage of groups in an access control
  - From: Marco de Booij <marco.maillist@debooy.eu>

References:
- Usage of groups in an access control
  - From: Marco de Booij <marco.maillist@debooy.eu>

Prev by Date: Usage of groups in an access control
Next by Date: Re: Usage of groups in an access control
Index(es):
- Chronological
- Thread