
Re: I need some help w/ACLs



Rob Tanner <rtanner@linfield.edu> writes:

> We maintain email lists on LDAP for every course section offered at the
> college, and I am moving it from a Netscape Server to OpenLDAP.  The LDAP
> structure is a hierarchy of many branches.  Basically, a course list entry DN
> for a course section in computer science, looks like this:
>
>    uid=2004FA-CSC12001,ou=csc,ou=classlists,o=linfield.edu
>
> The actual entry is in the computer science hierarchy (ou=csc) and the
> computer science hierarchy is in the class lists hierarchy (ou=classlists). I
> need to set up ACLs in OpenLDAP that are functionally equivalent to those in
> the Netscape Server.
>
> The actual courselist entry has an owner attribute containing one or more
> DNs.  These are the faculty who need to be able to view and modify the entry.
> That's straightforward enough and not a problem.  However, each subject
> hierarchy entry (DN: ou=<subject>,ou=classlists,o=linfield.edu) has a
> uniquemember attribute containing the DNs of those who can view and modify any
> entry in that particular hierarchy.  And the classlists hierarchy (DN:
> ou=classlists,o=linfield.edu) has a uniquemember attribute containing the DNs
> of those who can view and modify any courselist entry.
>
> I'm not at all sure how to set up the ACLs to accomplish that access.  Does
> anybody have any guides, or maybe done something similar you'd be willing to
> share?

This sounds as if 'set' may meet your requirements
http://www.openldap.org/faq/data/cache/1133.html
http://www.openldap.org/faq/data/cache/1134.html

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:01443B53
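
An added illustration of the 'set' approach for the three tiers described in the question, written for the ou=csc branch only (this is not part of the original messages and is not taken from the linked FAQ entries). It assumes slapd.conf-style ACLs and that the owner and uniquemember values are full DNs of the users who bind; every other subject branch would need an equivalent block with its own DN, and the final "by * none" is an assumption about what everyone else should get.

```conf
# Added example: class list entries below the computer science branch.
access to dn.children="ou=csc,ou=classlists,o=linfield.edu"
    # Tier 1: faculty listed in the entry's own owner attribute.
    by set="this/owner & user" write
    # Tier 2: DNs listed in uniquemember on the subject entry (ou=csc).
    by set="[ou=csc,ou=classlists,o=linfield.edu]/uniquemember & user" write
    # Tier 3: DNs listed in uniquemember on the classlists entry.
    by set="[ou=classlists,o=linfield.edu]/uniquemember & user" write
    # Assumption: nobody else may see or change the lists.
    by * none
```

Because slapd stops at the first matching "access to" clause, blocks like this have to come before any broader rule covering o=linfield.edu. The result can be checked per user with slapacl, for example by testing write access to the entry for an owner, a subject-level member, and an unrelated DN.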