Access control config

I'm trying to set up a system with distributed user 
management in such a way that there will be a manager 
for each sub-organization. The manager for one 
suborganization mustn't be able to do anything but read 
entries below other suborgs.
I have tried to filter the privileges giving access 
with access control lists like the following one

access to dn=".*,ou=suborg1,o=org,c=ES"
  by dn="cn=manager-suborg1,ou=suborg1,o=org,c=ES" write

but, to my surprise, I have experienced that with this 
it is forbidden to create new entries for that manager 
even under his suborganization, and to let the manager 
add new entries I have to give him access to anything 
directly under the whole organization.
Is there a way to give "add-permissions" without having 
to give access to other suborganizations?

Any ideas would be appreciated.

    Joaquín Galeano
    Servicio de Sistemas y Telecomunicaciones
    Cons. Justicia y Administraciones Públicas - Generalitat Valenciana

    Tel. (+34) 96 3865461            E-mail:  
    Fax. (+34) 96 3866303