[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (Senza oggetto)

To: <erik.devriendt@siemens.com>
Subject: Re: (Senza oggetto)
From: "Pierangelo Masarati" <ando@sys-net.it>
Date: Wed, 17 Dec 2003 14:14:52 +0100 (CET)
Cc: <openldap-software@OpenLDAP.org>
Importance: Normal
In-reply-to: <6B5EC7714F68974C9313EB2C24D8CD5A034669DD@brub002a.siemens.be>
References: <6B5EC7714F68974C9313EB2C24D8CD5A034669DD@brub002a.siemens.be>

> Hi,
>
> I want to give write access to a group object 'g1' (groupOfUniqueNames)
> only to people that are member of that group AND are member of
> another group 'admin'.
> How do I formulate that in an ACL ?

use access privileges as follows:

access to <smtg>
    by group/groupOfUniqueNames/uniquMember.exact=<group1> -r continue
    by group/groupOfUniqueNames/uniquMember.exact=<group2> +r stop
    by * none

which means: if access is allowed by group 1,
disable read, but continue to the following
by clause in the same access rule; if also group 2
matches, enable read and exit.

This should do the job.

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it

References:
- [no subject]
  - From: DEVRIENDT ERIK <erik.devriendt@siemens.com>

Prev by Date: Trying to force password change in SuSE Linux, pam_ldap, openldap 2.1
Next by Date: Running slapd and user authentication
Index(es):
- Chronological
- Thread