
Access control question

Hello All,

I am faced with the following problem.
This is the kind of tree in my openldap database:

                 |-------- GroupA   <.....
                 |-------- GroupB   <.....
Admin -- root ---|-------- GroupC   <.....   more children
                 |-------- GroupD   <.....
                 |-------- GroupE   <.....
Note that each group has its own children.
I want to define the ACL like this:
1. The child node can read the other nodes on the same level in the same group.
2. The father node can write its own children.
3. The child node can read its own father node.
4. Every node can write itself.
Now the access control section is as follows:
access to attr=userpassword
    by self write
    by anonymous auth
access to *
    by self write
    by dn="(.children)" read
access to dn=".children,.children,dc=com"
    by dn=".children,dc=com" write
access to *
    by self write
    by users read
    by anonymous none

But it does not work. How can I write the access control?
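An added example of how the four rules can be expressed with slapd's regex submatch expansion; this is not part of the original message, and it assumes a layout the message does not spell out: the suffix is dc=example,dc=com, every group is an entry ou=<Group>,dc=example,dc=com, every member is cn=<name>,ou=<Group>,dc=example,dc=com, and "Admin" is the database rootdn (which bypasses ACLs entirely). All DNs and attribute names here are constructed for the illustration.

```conf
# Added example, not the poster's configuration. Assumed layout:
#   suffix   dc=example,dc=com
#   group    ou=<Group>,dc=example,dc=com
#   member   cn=<name>,ou=<Group>,dc=example,dc=com
#   Admin    = rootdn (not subject to ACLs)
#
# slapd evaluates "access to" clauses in order and stops at the first
# clause whose <what> matches the entry, so the specific clauses must
# come before "access to *".

# Passwords: the owner may change it, anyone may bind with it, nobody reads it.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none

# Member entries. The parenthesised submatch $1 is the parent group's DN.
#   by self write               rule 4: every node writes itself
#   by dn.exact,expand="$1"     rule 2: the father writes its own children
#   by dn.regex="^cn=[^,]+,$1$" rule 1: siblings in the same group read each other
access to dn.regex="^cn=[^,]+,(ou=[^,]+,dc=example,dc=com)$"
    by self write
    by dn.exact,expand="$1" write
    by dn.regex="^cn=[^,]+,$1$" read
    by * none

# Group entries. $1 is the group's own DN.
#   by self write               rule 4
#   by dn.regex="^cn=[^,]+,$1$" rule 3: children read their father
access to dn.regex="^(ou=[^,]+,dc=example,dc=com)$"
    by self write
    by dn.regex="^cn=[^,]+,$1$" read
    by * none

# Whatever is left (the suffix entry) is readable by authenticated users so
# that searches starting at the base can proceed; anonymous gets nothing.
access to *
    by users read
    by anonymous none
```

Two points the original attempt runs into: a second `access to *` is never reached because the first one already matches every entry, and a specific `access to dn=...` clause placed after `access to *` is likewise dead. The `$1` expansion only refers to a parenthesised group in the `dn.regex` of the same `access to` clause, and `dn.exact,expand` is used for the father so that the captured DN is compared literally rather than interpreted as a regex. Deeper levels ("more children" under a group) follow the same pattern with one clause per level, capturing the parent DN in each case. Check a resulting configuration with `slapacl` against a test entry before deploying it.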