Re: Access Control Question
That did it; I'd better brush up on my ACL syntax.
Thanks - Tod
Patrick Timmons wrote:
> Hi.
>
> I'm guessing you might need the following:
>
> access to dn="ou=another branch,o=Organization Name"
> by dn="uid=12345,ou=people,o=Organization Name" write
> by dn="uid=administrator,o=Organization Name" write
> by * read
>
> PT.
>
> Tod Thomas wrote:
> >
> > I have been testing with the following acl setup:
> >
> > defaultaccess none
> > access to dn=".*,ou=people,o=Organization Name" attr=userpassword
> > by self write
> > by dn="uid=administrator,o=Organization Name" write
> > by * compare
> > access to *
> > by self write
> > by dn="uid=administrator,o=Organization Name" write
> > by * read
> >
> > ...which is intended to give anonymous read and password authentication
> > access, individual user update capabilities to their own entry, and
> > global administrative authority. It works.
> >
> > Now I want to create another branch of the DIT and provide the same
> > accessibility as above. In this case though I want to define a
> > supplemental administrator whose global authority is limited to this new
> > branch. Here is what I came up with:
> >
> > defaultaccess none
> > access to dn=".*,ou=another branch,o=Organization Name"
> > by dn="uid=12345,ou=people,o=Organization Name" write
> > by dn="uid=administrator,o=Organization Name" write
> > by * read
> > access to dn=".*,ou=people,o=Organization Name" attr=userpassword
> > by self write
> > by dn="uid=administrator,o=Organization Name" write
> > by * compare
> > access to *
> > by self write
> > by dn="uid=administrator,o=Organization Name" write
> > by * read
> >
> > When executing an ldapadd binding with uid=12345... I get an
> > Insufficient access error; I know the password is correct. Can I grant
> > administrative access to specific users for specific portions of the
> > DIT? If so, what am I doing wrong in specifying my ACLs above?
> >
> > Thanks for any ideas.
> >
> > Tod Thomas
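The thread never spells out what the two `access to` targets match, so here is an added example (my own code, not from this list or from OpenLDAP) that models the slapd.conf-style evaluation the posters are using: the first `access to` clause whose target matches the entry is selected, and within it the first matching `by` clause decides. As in the `dn="..."` syntax of that era, the DN pattern is treated as an unanchored, case-insensitive regular expression. The entry DN `cn=newentry,...` and the empty requester DN standing for an anonymous bind are constructed for the demo; the model does not reproduce rootdn bypass, the `auth`/`search` distinctions beyond ordering, or version-specific rules about what an add needs on the parent entry. It only shows which rule each DN falls into under Tod's ACL and under Patrick's.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Access levels in increasing order of privilege, as slapd orders them.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]


@dataclass
class ByClause:
    who: str    # "self", "*", or a regex matched against the requester DN
    level: str


@dataclass
class AccessRule:
    target: str            # "*" or a regex matched against the entry DN
    attr: Optional[str]    # attribute the rule is limited to, or None for the whole entry
    by: List[ByClause]


def parse_acl(text: str) -> Tuple[str, List[AccessRule]]:
    """Parse a slapd.conf-style ACL fragment into (defaultaccess, rules)."""
    default = "none"
    rules: List[AccessRule] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("defaultaccess"):
            default = line.split()[1]
        elif line.startswith("access to"):
            dn = re.search(r'dn="([^"]*)"', line)
            attr = re.search(r"attr=(\S+)", line)
            rules.append(AccessRule(dn.group(1) if dn else "*",
                                    attr.group(1) if attr else None, []))
        elif line.startswith("by "):
            m = re.match(r'by (?:dn="([^"]*)"|(self|\*)) (\w+)', line)
            if m is None:
                raise ValueError(f"unrecognised by clause: {line}")
            who = m.group(1) if m.group(1) is not None else m.group(2)
            rules[-1].by.append(ByClause(who, m.group(3)))
        else:
            raise ValueError(f"unrecognised ACL line: {line}")
    return default, rules


def _matches(pattern: str, dn: str) -> bool:
    # "*" matches everything; anything else is an unanchored regex search.
    return pattern == "*" or re.search(pattern, dn, re.IGNORECASE) is not None


def evaluate(acl, entry_dn: str, requester_dn: str, attr: Optional[str] = None) -> str:
    """Return the level granted to requester_dn on entry_dn (or on one attribute of it)."""
    default, rules = acl
    for rule in rules:
        # An attr-restricted rule only applies to requests for that attribute.
        if rule.attr is not None and rule.attr.lower() != (attr or "").lower():
            continue
        if not _matches(rule.target, entry_dn):
            continue
        for clause in rule.by:              # first matching 'by' decides
            if clause.who == "*":
                return clause.level
            if clause.who == "self":
                if requester_dn.lower() == entry_dn.lower():
                    return clause.level
            elif _matches(clause.who, requester_dn):
                return clause.level
        return "none"                        # rule selected, no 'by' matched the requester
    return default


def allows(granted: str, needed: str) -> bool:
    return LEVELS.index(granted) >= LEVELS.index(needed)


# Tod's ACL exactly as posted (with the first target pattern ".*,ou=another branch,...").
TOD_ACL = parse_acl("""
defaultaccess none
access to dn=".*,ou=another branch,o=Organization Name"
by dn="uid=12345,ou=people,o=Organization Name" write
by dn="uid=administrator,o=Organization Name" write
by * read
access to dn=".*,ou=people,o=Organization Name" attr=userpassword
by self write
by dn="uid=administrator,o=Organization Name" write
by * compare
access to *
by self write
by dn="uid=administrator,o=Organization Name" write
by * read
""")

# Patrick's suggestion: same ACL, first target without the leading ".*,".
PATRICK_ACL = parse_acl("""
defaultaccess none
access to dn="ou=another branch,o=Organization Name"
by dn="uid=12345,ou=people,o=Organization Name" write
by dn="uid=administrator,o=Organization Name" write
by * read
access to dn=".*,ou=people,o=Organization Name" attr=userpassword
by self write
by dn="uid=administrator,o=Organization Name" write
by * compare
access to *
by self write
by dn="uid=administrator,o=Organization Name" write
by * read
""")

SUB_ADMIN = "uid=12345,ou=people,o=Organization Name"
BRANCH = "ou=another branch,o=Organization Name"
CHILD = "cn=newentry,ou=another branch,o=Organization Name"   # constructed entry under the branch


def branch_access(acl, requester_dn: str) -> dict:
    """Level the requester gets on the branch entry itself and on an entry beneath it."""
    return {"branch": evaluate(acl, BRANCH, requester_dn),
            "child": evaluate(acl, CHILD, requester_dn)}


if __name__ == "__main__":
    print("Tod's ACL:    ", branch_access(TOD_ACL, SUB_ADMIN))
    print("Patrick's ACL:", branch_access(PATRICK_ACL, SUB_ADMIN))
```

Running it shows the one difference between the two ACLs: under Tod's pattern the branch entry `ou=another branch,o=Organization Name` is not selected by the first rule (the `.*,` demands a comma in front of it), so uid=12345 falls through to `access to *` and gets only read there, while every entry beneath the branch already gives write; under Patrick's pattern both the branch entry and its children give write to uid=12345, and anonymous binds still get read, as intended. Checking a draft ACL this way, DN by DN, is cheaper than reading "Insufficient access" out of a failed ldapadd.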