
I need some help w/ACLs



We maintain email lists on LDAP for every course section offered at the
college, and I am moving it from a Netscape Server to OpenLDAP.  The LDAP
structure is a hierarchy of many branches.  Basically, a course list entry DN
for a course section in computer science, looks like this:

   uid=2004FA-CSC12001,ou=csc,ou=classlists,o=linfield.edu

The actual entry is in the computer science hierarchy (ou=csc) and the
computer science hierarchy is in the class lists hierarchy (ou=classlists). I
need to set up ACLs in OpenLDAP that are functionally equivalent to those in
the Netscape Server.

The actual courselist entry has an owner attribute containing one or more
DNs.  These are the faculty who need to be able to view and modify the entry.
That's straightforward enough and not a problem.  However, each subject
hierarchy entry (DN: ou=<subject>,ou=classlists,o=linfield.edu) has a
uniquemember attribute containing the DNs of those who can view and modify any
entry in that particular hierarchy.  And the classlists hierarchy (DN:
ou=classlists,o=linfield.edu) has a uniquemember attribute containing the DNs
of those who can view and modify any courselist entry.

I'm not at all sure how to set up the ACLs to accomplish that access.  Does
anybody have any guides, or maybe done something similar you'd be willing to
share?

Thanks,
Rob



-- 
Rob Tanner
UNIX Services Manager
Linfield College, McMinnville OR
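One way to express the three levels of rights described in the post as OpenLDAP slapd.conf access directives, as an added example that is not part of the original message or of any reply. It assumes the hierarchy entries carry objectClass groupOfUniqueNames (OpenLDAP checks the objectClass named in a group clause, and uniqueMember must be schema-legal on the entry), that course entries hold their owners in an "owner" attribute, and that other authenticated users get read-only access, which the post does not state.

```conf
# Added example, not from the original post. ACLs are evaluated top-down and
# the first "access to" whose target matches the entry wins, so the most
# specific rule (the course-section entries) is listed first.

# 1. Course-section entries. Writers are: the DNs in the entry's own "owner"
#    attribute (dnattr), the uniqueMembers of the subject container ($1 is the
#    subject ou captured by the regex, e.g. "csc"), and the uniqueMembers of
#    the classlists container. Read access for other users is an assumption.
access to dn.regex="^uid=[^,]+,ou=([^,]+),ou=classlists,o=linfield.edu$"
    by dnattr=owner write
    by group/groupOfUniqueNames/uniqueMember.expand="ou=$1,ou=classlists,o=linfield.edu" write
    by group/groupOfUniqueNames/uniqueMember.exact="ou=classlists,o=linfield.edu" write
    by users read
    by * none

# 2. The per-subject containers themselves: only the classlists-wide members
#    may change who administers a subject (assumed policy; the post is silent).
access to dn.regex="^ou=[^,]+,ou=classlists,o=linfield.edu$"
    by group/groupOfUniqueNames/uniqueMember.exact="ou=classlists,o=linfield.edu" write
    by users read
    by * none

# 3. The classlists container entry and anything else under it.
access to dn.subtree="ou=classlists,o=linfield.edu"
    by group/groupOfUniqueNames/uniqueMember.exact="ou=classlists,o=linfield.edu" write
    by users read
    by * none
```

Because the subject container has RDN ou=<subject> but groupOfUniqueNames requires cn, each container also needs a cn value; check the effective rights with slapd's `-d acl` debug flag before relying on them.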