Re: restric access to a group
I'm not sure: is "group" in ACL only for the groupOfNames objectclass (and
not groupOfUniqueNames)? Take a look at this and try the alternate syntax
suggested:
http://www.openldap.org/faq/index.cgi?file=52
> From: Vincent MATHIEU <Vincent.Mathieu@univ-nancy2.fr>
> Date: Mon, 29 Jan 2001 15:15:20 +0100
> To: openldap-software@OpenLDAP.org
> Subject: restric access to a group
>
> Hi,
>
> I'd like to give write permission to a group (GroupOfUniquenames).
>
> For example, in my slapd.conf :
>
> defaultaccess none
>
> access to dn=ou=prem,ou=Pers,dc=univ-nancy2,dc=fr
> by dn="uid=toto,ou=people,ou=pers,dc=univ-nancy2,dc=fr" write
> by group="cn=group1,ou=groups,ou=pers,dc=univ-nancy2,dc=fr" write
> by * read
>
> Here is the group :
> dn: cn=Group1,ou=Groups,ou=Pers,dc=univ-nancy2,dc=fr
> cn: Group1
> objectClass: top
> objectClass: groupOfUniqueNames
> uniqueMember: uid=titi,ou=People,ou=Pers,dc=univ-nancy2,dc=fr
>
>
> I can write in ou=prem,ou=Pers,dc=univ-nancy2,dc=fr if I bind with the uid
> toto, but I can't write if I bind with the uid titi (ldap_add: Insufficient
> access, additional info: no write access to parent).
>
> How can I do that?
>
> Thanks
>
> Vincent
> --
> Vincent MATHIEU
> CRI - Universite NANCY 2 | Email : Vincent.Mathieu@univ-nancy2.fr
> Pole Lorrain de Gestion | Tel : (33) 03.83.39.64.06
> 13, Rue Michel Ney - C.O. 75 | Fax : (33) 03.83.39.64.43
> 54013 Nancy Cedex. FRANCE
>
>
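
Added example, not part of the original thread: slapd.access(5) documents the `group` clause as testing objectClass groupOfNames and attribute member unless both are named explicitly, so the posted rule never consults uniqueMember. The posted rule is shown below with only that clause changed; the DNs are the ones from the question, and the continuation-line indentation is assumed to have been lost in the archive.

```conf
# slapd.conf fragment (example; adapt the DNs to your tree)

defaultaccess none

# As posted: "group=" with no qualifiers means
#   objectClass = groupOfNames, membership attribute = member.
# cn=Group1 is a groupOfUniqueNames entry holding uniqueMember values,
# so uid=titi is never recognised as a member and falls through to "by * read".
#
# access to dn=ou=prem,ou=Pers,dc=univ-nancy2,dc=fr
#     by dn="uid=toto,ou=people,ou=pers,dc=univ-nancy2,dc=fr" write
#     by group="cn=group1,ou=groups,ou=pers,dc=univ-nancy2,dc=fr" write
#     by * read

# Corrected: name the group's objectClass and membership attribute
# using the group/<objectclass>/<attrname> form.
access to dn=ou=prem,ou=Pers,dc=univ-nancy2,dc=fr
    by dn="uid=toto,ou=people,ou=pers,dc=univ-nancy2,dc=fr" write
    by group/groupOfUniqueNames/uniqueMember="cn=group1,ou=groups,ou=pers,dc=univ-nancy2,dc=fr" write
    by * read

# Note: slapd must itself be able to read the uniqueMember values of
# cn=Group1 to evaluate the clause; no extra ACL is needed for that,
# because group evaluation is done internally, not as the bound user.
```

Restart slapd after the change, then retry the add while bound as uid=titi; the other route is to leave the ACL alone and rebuild the group as a groupOfNames entry with member values.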