[Date Prev][Date Next]
Re: Advanced ACL configuration?
Daniel Tiefnig wrote:
> access to *
> by selfattr=account write
There's no "selfattr" acl subject to my knowledge.
Maybe the "dnattr" attribute was addressed. It should
be set to the the attribute type that contains the "dn"
of who's allowed to modify an entry. So the modifier's
identity can be listed in the entry itself; e.g., given
dn: cn=Your Group,ou=Groups,dc=your,dc=org
owner: cn=Your Group Owner,ou=People,dc=your,dc=org
access to its members can be:
access to dn="cn=Your Group,ou=Groups,dc=your,dc=org"
by dnattr=member selfwrite
by dnattr=owner write
by * none
so that the owner of the group can add/modify/delete
anybody from the group, while a member can only
Dr. Pierangelo Masarati | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale | fax: +39 02 2399 8334
Politecnico di Milano | mailto:firstname.lastname@example.org
via La Masa 34, 20156 Milano, Italy | http://www.aero.polimi.it/~masarati