Access control config
I'm trying to set up a system with a distributed user
management in such a way that there will be a manager
for each sub-organization. The manager for one
suborganization mustn't be able to do anything but read
entries below other suborgs.
I have tried to filter the privileges giving access
with access control lists like the following one
    access to dn=".*,ou=suborg1,o=org,c=ES"
        by dn="cn=manager-suborg1,ou=suborg1,o=org,c=ES" write
but, to my surprise, I have experienced that with this
it is forbidden to create new entries for that manager
even under his suborganization, and to let the manager
add new entries I have to give him access to anything
directly under the whole organization.
Is there a way to give "add-permissions" without having
to give access to other suborganizations?
Any ideas would be appreciated.
Servicio de Sistemas y Telecomunicaciones
Cons. Justicia y Administraciones Públicas -
Tel. (+34) 96 3865461 E-mail:
Fax. (+34) 96 3866303
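
Added example, not part of the original message: a small Python model of the check behind an LDAP add, showing why the posted rule blocks the manager. It assumes slapd's documented rule that adding an entry needs write access to the parent entry's children attribute, uses Python's re module as a stand-in for slapd's regex matching, and WIDER_ACL and the sample DNs are constructed for illustration.

```python
import re

# Constructed model of the access check for an LDAP add; this is not slapd code.
MANAGER = "cn=manager-suborg1,ou=suborg1,o=org,c=ES"

# The rule from the message: the pattern requires ",ou=suborg1" to be preceded
# by at least one more RDN, so it never matches the ou=suborg1 entry itself.
POSTED_ACL = [(r".*,ou=suborg1,o=org,c=ES", MANAGER, "write")]

# Hypothetical variant whose target pattern also covers the ou=suborg1 entry.
WIDER_ACL = [(r"^(.*,)?ou=suborg1,o=org,c=ES$", MANAGER, "write")]

LEVELS = {"none": 0, "read": 1, "write": 2}
DEFAULT = "read"  # assumption: everything not granted by a rule is read-only


def parent_dn(dn):
    """Strip the leftmost RDN (the sample DNs contain no escaped commas)."""
    return dn.split(",", 1)[1]


def granted(acl, who, target_dn):
    """Return the level given by the first rule whose target pattern matches."""
    for pattern, subject, level in acl:
        if re.search(pattern, target_dn, re.IGNORECASE):
            if subject.lower() == who.lower():
                return level
            break  # rule applies to this entry but names someone else
    return DEFAULT


def can_add(acl, who, new_dn):
    """An add needs write on the new entry and on its parent's children."""
    need = LEVELS["write"]
    return {
        "entry": LEVELS[granted(acl, who, new_dn)] >= need,
        "parent_children": LEVELS[granted(acl, who, parent_dn(new_dn))] >= need,
    }


if __name__ == "__main__":
    new_dn = "cn=alice,ou=suborg1,o=org,c=ES"  # constructed sample entry
    print("posted rule:", can_add(POSTED_ACL, MANAGER, new_dn))
    print("wider rule: ", can_add(WIDER_ACL, MANAGER, new_dn))
    print("other suborg:", can_add(WIDER_ACL, MANAGER, "cn=bob,ou=suborg2,o=org,c=ES"))
```

The model checks whole entries only; a real rule can be scoped more tightly so the manager gets write on the children attribute of ou=suborg1 rather than on every attribute of that entry.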