[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: set ACL specification/syntax

To: Quanah Gibson-Mount <quanah@zimbra.com>
Subject: Re: set ACL specification/syntax
From: Andrew Cobaugh <phalenor@gmail.com>
Date: Fri, 6 Mar 2009 16:13:56 -0500
Cc: openldap-software@openldap.org
In-reply-to: <92FF08769FA6FC97E60A6550@192.168.1.199>
References: <1b8d56200903061246m421168b7ldd43daeee68538e8@mail.gmail.com> <468FA7BC840673FD209B06CC@192.168.1.199> <1b8d56200903061304q6675db68p25a977331fe5ef29@mail.gmail.com> <92FF08769FA6FC97E60A6550@192.168.1.199>

On Fri, Mar 6, 2009 at 4:10 PM, Quanah Gibson-Mount <quanah@zimbra.com> wrote:
>
> If you set the cn value on every group they are supposed to be able to write
> to, then they'll be able to write to any of those groups. ÂI.e., "this/cn"
> is the group entry in question. ÂI'm assuming you want them to be able to
> write to any group they have control of. ÂIf you don't, then simply remove
> the cn=uid value from the group.

Perhaps I didn't articulate my point well enough.

I want them to be able to *create* these entries on their own, they
won't be pre-created. So, I want them to be able to create entries
under ou=group but only if they are of the form uid:.+

--andy

Follow-Ups:
- Re: set ACL specification/syntax
  - From: Howard Chu <hyc@symas.com>

References:
- set ACL specification/syntax
  - From: Andrew Cobaugh <phalenor@gmail.com>

Prev by Date: Re: set ACL specification/syntax
Next by Date: Re: set ACL specification/syntax
Index(es):
- Chronological
- Thread