
Re: Access control

At 07:52 AM 4/22/01, Weston Bustraan wrote:
>I've been reading the docs on access control, but I'm having a hard time
>figuring out how to do a few things.
>I would like to grant full access to people with a certain gidNumber, so
>that I can grant them admin status just by setting their gidNumber to the
>'admin' group. Can anyone give me some pointers on how to do this?

Write code.  OpenLDAP doesn't support any ACL/ACI feature which
would allow you to do that.

>Also, how would I configure LDAP so that users are able to modify their
>own entry and entries below them in the tree, but nothing else?

This can be done with regex.

access to dn=".+,\(uid=[^,]+,ou=people,dc=example,dc=com\)"
        by dn="$1" write

access to *
        by self write

You'll, of course, need to adjust that as needed for your naming
and existing ACLs.
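
How the two rules above evaluate, modelled in Python as an added example (not code from this post or from OpenLDAP). The model assumes the first matching `access to` clause decides, regexes are matched case-insensitively and unanchored, and `$1` is replaced by the first captured group; all DNs are constructed, and the `anchored` switch is a hypothetical knob of the model that shows what anchoring the patterns changes when adjusting them.

```python
import re

# The two rules from the post, in order: (target regex, [(who, access)]).
ACL = [
    (r".+,(uid=[^,]+,ou=people,dc=example,dc=com)", [("$1", "write")]),
    (r".*", [("self", "write")]),          # stands in for "access to *"
]

def access(bound_dn, target_dn, anchored=False):
    """Access the model grants bound_dn on target_dn ("write" or "none")."""
    match = re.fullmatch if anchored else re.search
    for target_re, by_clauses in ACL:
        m = match(target_re, target_dn, re.I)
        if not m:
            continue                       # try the next "access to" clause
        for who, level in by_clauses:
            if who == "self":
                if bound_dn.lower() == target_dn.lower():
                    return level
            else:
                # by dn="$1": the captured parent DN becomes the "who" pattern
                who_re = who.replace("$1", m.group(1))
                if match(who_re, bound_dn, re.I):
                    return level
        return "none"                      # matching clause decides; no fall-through
    return "none"

# Constructed sample DNs (assumptions, not from the post).
ALICE = "uid=alice,ou=people,dc=example,dc=com"
BOB = "uid=bob,ou=people,dc=example,dc=com"
ALICE_CHILD = "cn=addressbook," + ALICE    # entry below alice
ALICE_APP = "cn=app," + ALICE              # another entry below alice that can bind

def demo():
    """Collect the decisions for the interesting subject/target pairs."""
    return {
        "alice -> own entry": access(ALICE, ALICE),              # rule 2, self
        "alice -> entry below her": access(ALICE, ALICE_CHILD),  # rule 1, $1
        "bob -> entry below alice": access(BOB, ALICE_CHILD),
        "bob -> alice": access(BOB, ALICE),
        # Unanchored, "$1" is found inside the DN of anything below alice:
        "app -> sibling (unanchored)": access(ALICE_APP, ALICE_CHILD),
        "app -> sibling (anchored)": access(ALICE_APP, ALICE_CHILD, anchored=True),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:30} {result}")
```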