
Re: ACCESS LIST



Isaac Gonzalez wrote:
Hi,
I have this structure:

dc=empresa,dc=com
                           |
                       Dep1
                           |
                           |---------User1
                           |---------User11
                       Dep2
                           |
                           |---------User2
                           |---------User22
                       Dep3
                           |
                           |---------User3
                           |---------User33


I want User1 and User11 (users under Dep1) to be able to access only Dep1, User1 and User11 data. --> Dep1 Subtree
I want User2 and User22 (users under Dep2) to be able to access only Dep2, User2 and User22 data. --> Dep2 Subtree
I want User3 and User33 (users under Dep3) to be able to access only Dep3, User3 and User33 data. --> Dep3 Subtree

Is this ACL correct? Can't it be simpler?

#DEP1 ONLY ACCESS TO DEP1
access to dn.subtree="ou=Dep1,dc=empresa,dc=com"
        by dn.children="ou=Dep1,dc=empresa,dc=com" read
        by anonymous auth
        by * none

#DEP2 ONLY ACCESS TO DEP2
access to dn.subtree="ou=Dep2,dc=empresa,dc=com"
        by dn.children="ou=Dep2,dc=empresa,dc=com" read
        by anonymous auth
        by * none

#DEP3 ONLY ACCESS TO DEP3
access to dn.subtree="ou=Dep3,dc=empresa,dc=com"
        by dn.children="ou=Dep3,dc=empresa,dc=com" read
        by anonymous auth
        by * none

#ADMIN
access to *
        by dn="cn=admin,dc=empresa,dc=com" write
        by anonymous auth
        by * none


Thanks and bye.




Have you resolved this?

--
Kind Regards,

Gavin Henry.
Managing Director.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/
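
An added example, not part of either message in this thread: a simplified Python model of slapd's documented evaluation order (first matching `access to`, then first matching `by`), run over the ACL quoted above to show what each bind DN ends up with. Assumptions: the `uid=` user DNs are constructed, `cn=admin` is not configured as rootdn (a rootdn bypasses ACLs), and `ADJUSTED` is a hypothetical variant that adds an admin `by` clause to each department directive.

```python
# Simplified model of slapd ACL evaluation (added example, not OpenLDAP code).
# The first "access to <what>" matching the target entry is selected; inside it
# the first matching "by <who>" decides; if nothing matches the result is none.
BASE = "dc=empresa,dc=com"
ADMIN = f"cn=admin,{BASE}"

def is_child(dn, base):      # dn.children: strictly below base
    return dn.lower().endswith("," + base.lower())

def is_subtree(dn, base):    # dn.subtree: base itself or anything below it
    return dn.lower() == base.lower() or is_child(dn, base)

def dept_rule(ou, admin_write=False):
    base = f"ou={ou},{BASE}"
    by = [(lambda who: who is not None and is_child(who, base), "read"),
          (lambda who: who is None, "auth"),          # by anonymous auth
          (lambda who: True, "none")]                 # by * none
    if admin_write:                                   # hypothetical extra clause
        by.insert(0, (lambda who: who == ADMIN, "write"))
    return (lambda target: is_subtree(target, base), by)

ADMIN_RULE = (lambda target: True,                    # access to *
              [(lambda who: who == ADMIN, "write"),
               (lambda who: who is None, "auth"),
               (lambda who: True, "none")])

DEPTS = ("Dep1", "Dep2", "Dep3")
POSTED = [dept_rule(d) for d in DEPTS] + [ADMIN_RULE]
ADJUSTED = [dept_rule(d, admin_write=True) for d in DEPTS] + [ADMIN_RULE]

def access(acl, who, target):
    """Level that `who` (None = anonymous) gets on the entry `target`."""
    for what, by_clauses in acl:
        if what(target):
            return next((lvl for ok, lvl in by_clauses if ok(who)), "none")
    return "none"

def report(acl):
    # Constructed DNs: the post does not say which RDN attribute the users have.
    user1, user2 = f"uid=User1,ou=Dep1,{BASE}", f"uid=User2,ou=Dep2,{BASE}"
    return {"User1 -> Dep1": access(acl, user1, f"ou=Dep1,{BASE}"),
            "User1 -> User2": access(acl, user1, user2),
            "anonymous -> User1": access(acl, None, user1),
            "admin -> User1": access(acl, ADMIN, user1),
            "admin -> base": access(acl, ADMIN, BASE)}

if __name__ == "__main__":
    for name, acl in (("posted", POSTED), ("adjusted", ADJUSTED)):
        print(name, report(acl))
```

In this model the posted ordering isolates the departments from each other, but the final `access to *` directive is never reached for entries inside a department subtree, so `cn=admin` gets `none` there unless it is the rootdn.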