Re: Access control
At 07:52 AM 4/22/01, Weston Bustraan wrote:
>I've been reading the docs on access control, but I'm having a hard time
>figuring out how to do a few things.
>I would like to grant full access to people with a certain gidNumber, so
>that I can grant them admin status just by setting their gidNumber to the
>'admin' group. Can anyone give me some pointers on how to do this?
Write code. OpenLDAP doesn't support any ACL/ACI feature which
would allow you to do that.
>Also, how would I configure LDAP so that users are able to modify their
>own entry and entries below them in the tree, but nothing else?
This can be done with regex.
    access to dn=".+,\(uid=[^,]+,ou=people,dc=example,dc=com\)"
        by dn="$1" write
    access to *
        by self write
You'll, of course, need to adjust that as needed for your naming
and existing ACLs.
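
The following is an added example, not part of the original message and not OpenLDAP code: a small Python emulation of how the two rules above decide access, for checking edge cases before adapting them. It assumes first-match evaluation with an implicit "by * none" at the end of each rule, writes the pattern with Python's unescaped group syntax, anchors it with ^ and $, and uses a crude lowercase DN normalisation; the names RULES, norm and access are hypothetical.

```python
import re

# Constructed emulation of the two rules in the message, in order:
# (regex on the target DN, [(who, access level), ...]).
# Python's re uses ( ) for groups; anchoring with ^...$ is an assumption.
RULES = [
    (r"^.+,(uid=[^,]+,ou=people,dc=example,dc=com)$", [("$1", "write")]),
    (r"^.*$", [("self", "write")]),
]


def norm(dn):
    """Crude DN normalisation for the demo: lowercase, trim around commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))


def access(bind_dn, target_dn):
    """Return the access level the emulated rules give bind_dn on target_dn."""
    bind, target = norm(bind_dn), norm(target_dn)
    for pattern, clauses in RULES:
        match = re.match(pattern, target)
        if not match:
            continue
        for who, level in clauses:
            # "self" means the bound DN is the target entry itself;
            # "$1" is replaced by the owner DN captured from the target.
            wanted = target if who == "self" else who.replace("$1", match.group(1))
            if bind == wanted:
                return level
        # The first rule whose target matches ends evaluation; anyone not
        # listed in it falls through to the implicit "by * none".
        return "none"
    return "none"


if __name__ == "__main__":
    alice = "uid=alice,ou=people,dc=example,dc=com"
    bob = "uid=bob,ou=people,dc=example,dc=com"
    for who, what in [(alice, alice), (alice, "cn=card1," + alice),
                      (bob, "cn=card1," + alice), (bob, alice)]:
        print(f"{who} -> {what}: {access(who, what)}")
```

In this emulation everyone other than the owner gets no access at all to entries below a user, including read, so read clauses for other users have to be added to the same rule if they are wanted.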