
Re: OpenLDAP: ACL : urgent
--On Monday, June 07, 2004 5:00 PM +0800 "Sivasakthi d/o Sivagnanam" <sakthi@digicert.com.my> wrote:

> Hi,
>
> I have the following structure for my OpenLDAP DIT:
> ROOT has subtree A and subtree B
>
> How do I go about setting a specific username|password for subtree B so
> that only a group of users is able to read only, write only and
> read+write?

There's not a whole lot here to go on.

You don't lock down a tree by username/password. You set up ACLs saying what group of users (or users) have access to a tree.

Like:

access to dn.base="cn=treeB,dc=digicert,dc=com,dc=my"
      by group.base="cn=usergroup,dc=digicert,dc=com,dc=my" read
      by dn.base="uid=sakthi,dc=digicert,dc=com,dc=my" write
      by * break

or something along those lines.  I suggest reading:

man slapd.access

to see how to do write only (since "write" implies read+write).

--Quanah

--
Quanah Gibson-Mount
Principal Software Developer
ITSS/Shared Services
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
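A fuller version of the ACL set sketched in the reply, covering the three cases the question asks about (read only, write only, read+write) for a whole subtree rather than a single entry. This is an added example, not part of Quanah's reply or of any OpenLDAP documentation; the subtree DN, the `ou=groups` container and the group names are assumed placeholders under the dc=digicert,dc=com,dc=my base from the thread:

```conf
# Added example (not from the original reply). slapd.conf ACL for "subtree B".
# Assumed names: ou=treeB is the subtree, ou=groups holds groupOfNames entries
# whose "member" attribute lists the user DNs.
#
# dn.subtree matches the entry *and* everything beneath it; dn.base (as in the
# reply) matches only the one entry named.
access to dn.subtree="ou=treeB,dc=digicert,dc=com,dc=my"
      # read only: the "read" access level includes search, compare and auth
      by group.exact="cn=treeB-readers,ou=groups,dc=digicert,dc=com,dc=my" read
      # write only: "=w" sets exactly the write privilege and nothing else,
      # so members can modify entries they already know the DN of but cannot
      # read or search them (this is the write-without-read case from the man page)
      by group.exact="cn=treeB-writers,ou=groups,dc=digicert,dc=com,dc=my" =w
      # read+write: the "write" access level implies read
      by group.exact="cn=treeB-admins,ou=groups,dc=digicert,dc=com,dc=my" write
      # everyone else gets nothing; use "by * break" instead if later
      # "access to" clauses should still be consulted for this subtree
      by * none
```

Two things to keep in mind when dropping this into a config: slapd uses the first `access to` clause whose target matches the entry, and within it the first matching `by` clause decides, so this block has to appear before any broad `access to *` rule or it is never reached; and a user who is a member of more than one of the groups gets whichever `by` line matches first, so order the `by` lines from most to least privileged if that is the intended precedence. To check the result without a live client, slapacl(8) evaluates the configured ACLs for a given identity and entry, for example `slapacl -f /etc/openldap/slapd.conf -D "uid=sakthi,dc=digicert,dc=com,dc=my" -b "ou=treeB,dc=digicert,dc=com,dc=my" entry/read` (config path assumed).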