
Re: Usage of groups in an access control



Like I wrote in my question I already read http://www.openldap.org/faq/data/cache/52.html. The entries in my LDAP are a near copy of the first part:

dn: ou=abk1,ou=Addressbooks,dc=example,dc=com
ou: abk1
objectClass: organizationalUnit
objectClass: top

dn: cn=abk-admin,ou=Roles,dc=example,dc=com
objectClass: groupOfNames
member: cn=My ENTRY,ou=People,dc=example,dc=com
cn: abk-admin

The slapd.access is an avalanche of information. It confuses me. Also the other pages do not make it any clearer to me. I do not see why I should use regex expressions. My knowledge is very basic.

I just connect with a member of the group (ex "cn=My ENTRY,ou=People,dc=example,dc=com") to the LDAP and insert or delete an email address entry.

Regards,

Marco
On 27-01-13 13:10, Michael Ströder wrote:
Marco de Booij wrote:
access to dn.children="ou=abk1,ou=Addressbooks,dc=example,dc=com"
         by dn="cn=admin,dc=example,dc=com" write
         by groupOfNames="cn=abk-admin,ou=Roles,dc=example,dc=com" write
         by groupOfNames="cn=abk-user,ou=Roles,dc=example,dc=com" read
         by * none
You should probably read the slapd.access(5) man page more thoroughly.

Also the pages in the FAQ-O-MATIC are a good entry point:
http://www.openldap.org/faq/data/cache/189.html

In particular for group-based ACL:
http://www.openldap.org/faq/data/cache/52.html

Ciao, Michael.
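
For reference, an added example that is not part of either message: the quoted ACL rewritten with the `group` <who> clause documented in slapd.access(5), using the DNs from the thread. The split into three rules and the choice of who gets which level on the `ou=abk1` entry itself are assumptions about the intended policy (group members add and delete entries below the address book).

```conf
# Added example, not from the thread. DNs are the ones posted above;
# the rule layout is an assumption about the intended policy.
#
# As posted, this line is rejected because "groupOfNames" is an
# objectClass name, not a <who> keyword:
#   by groupOfNames="cn=abk-admin,ou=Roles,dc=example,dc=com" write
# The keyword is "group"; objectClass and member attribute are optional
# qualifiers and default to groupOfNames/member. No regex is required.

# 1. Adding or deleting an entry below ou=abk1 also needs write access
#    to the "children" pseudo-attribute of the parent entry. dn.children
#    does not match the parent itself, so it gets its own rule.
access to dn.base="ou=abk1,ou=Addressbooks,dc=example,dc=com" attrs=children
        by dn.exact="cn=admin,dc=example,dc=com" write
        by group/groupOfNames/member.exact="cn=abk-admin,ou=Roles,dc=example,dc=com" write
        by group/groupOfNames/member.exact="cn=abk-user,ou=Roles,dc=example,dc=com" read
        by * none

# 2. Remaining attributes of the ou=abk1 entry: group members can read
#    it (needed to use it as a search base) but cannot modify it.
access to dn.base="ou=abk1,ou=Addressbooks,dc=example,dc=com"
        by dn.exact="cn=admin,dc=example,dc=com" write
        by group/groupOfNames/member.exact="cn=abk-admin,ou=Roles,dc=example,dc=com" read
        by group/groupOfNames/member.exact="cn=abk-user,ou=Roles,dc=example,dc=com" read
        by * none

# 3. The address book entries themselves (the rule from the question,
#    with the group clauses corrected).
access to dn.children="ou=abk1,ou=Addressbooks,dc=example,dc=com"
        by dn.exact="cn=admin,dc=example,dc=com" write
        by group/groupOfNames/member.exact="cn=abk-admin,ou=Roles,dc=example,dc=com" write
        by group/groupOfNames/member.exact="cn=abk-user,ou=Roles,dc=example,dc=com" read
        by * none
```

slapd uses the first `access to` clause that matches the entry and attribute, so these rules must appear before any broader rule for `dc=example,dc=com`. The result can be checked offline with slapacl(8), for example `slapacl -f <path to slapd.conf> -D "cn=My ENTRY,ou=People,dc=example,dc=com" -b "ou=abk1,ou=Addressbooks,dc=example,dc=com" "children/write"`.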