[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access Control

You should be able to do this.  What you need to do is place your ACLs in
the context for the info you want to protect.  For example, if you want to
protect <Employee Entries>, you would build an ACL there that would say
something to the effect that only people in group "Employees" could use
it.  Same with Vendors (except you would allow employees and vendors in
there).  The key is not to place the ACL at the top level as it will
trickle down and the vendors will then have access to all the
information.  Check out www.openldap.org's faq-o-matic for mor info.  Hope
this helps.


On Thu, 19 Oct 2000, Iddyamadom Santhoshkumar wrote:

> Hi
> The directory structure that I have contains lot of 
> entries under a node. Is it possible to write an 
> ACL so that some entries under that node has no access
> to some other entries. 
> For eg.
>                       (company)
>                    /      |     \  
>                   /       |      \
>                  /        |       \
>              Employees  Vendors   Retailers
>              Entries    Entries   Entries
> REquirement is that each Vendor should not be able to 
> see employee info. The value of "ou" field in each of
> category can be set to different one for eg.
> "Employee" / "vendor" /"retailer" 
> The "dn" of the entries under "company" will be of
> the form
> "uid=<emp/vendor/retail
> name>,ou=People,o=company1,o=com"
> ThanX
> Santhosh
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Messenger - Talk while you surf!  It's FREE.
> http://im.yahoo.com/