
Re: Strange ACL request





--On Thursday, April 17, 2003 12:03 AM -0500 Jerry Haltom <wasabi@larvalstage.net> wrote:

I'm not quite sure what you mean. This is the definition for my admins
group.

dn: cn=admins,ou=groups,dc=feedbackplusinc,dc=com
objectClass: top
objectClass: posixGroup
cn: admins
gidNumber: 2000
memberUid: jhaltom
memberUid: lburton

What I gathered from Howard Chu's reply was that I should add

objectClass: groupOfNames
member: uid=jhaltom,ou=users,dc=feedbackplusinc,dc=com
member: uid=lburton,ou=users,dc=feedbackplusinc,dc=com

and then an ACL such as this would work

access to *
        by dn="cn=root,dc=feedbackplusinc,dc=com" write
        by group.base="cn=admins,ou=groups,dc=feedbackplusinc,dc=com" write
        by * read

Correct?

Sounds reasonable. :)

--Quanah

--
Quanah Gibson-Mount
Senior Systems Administrator
ITSS/TSS/Computing Systems
Stanford University
GnuPG Public Key: http://www.stanford.edu/~quanah/pgp.html
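
Added example, not part of the original thread: a small script that turns the `memberUid` values of a posixGroup entry into the `objectClass: groupOfNames` / `member:` change discussed above, as LDIF for `ldapmodify`, so the DN-based group ACL has member DNs to match. The function names are hypothetical; it assumes users live under one base with a `uid` RDN (as in the message), plain-text (not base64) LDIF values, and a server schema that accepts both object classes on the entry.

```python
import re

# Constructed sample input: the posixGroup entry quoted in the message above.
SAMPLE_LDIF = """\
dn: cn=admins,ou=groups,dc=feedbackplusinc,dc=com
objectClass: top
objectClass: posixGroup
cn: admins
gidNumber: 2000
memberUid: jhaltom
memberUid: lburton
"""

def parse_entry(ldif):
    """Parse one LDIF entry into (dn, {lowercased attr: [values]})."""
    unfolded = re.sub(r"\n ", "", ldif)  # a leading space continues the previous line
    dn, attrs = None, {}
    for line in unfolded.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        name, sep, value = line.partition(":")
        if not sep or value[:1] in (":", "<"):  # base64 and URL values are not handled
            raise ValueError("unsupported LDIF line: %r" % line)
        if name.lower() == "dn":
            dn = value.strip()
        else:
            attrs.setdefault(name.lower(), []).append(value.strip())
    if dn is None:
        raise ValueError("entry has no dn")
    return dn, attrs

def escape_rdn_value(value):
    """Escape characters that are special inside a DN attribute value."""
    last = len(value) - 1
    return "".join(
        "\\" + c if (c in ',+"\\<>;' or (i == 0 and c in "# ") or (i == last and c == " "))
        else c for i, c in enumerate(value))

def group_of_names_change(ldif, users_base):
    """Build an ldapmodify change adding groupOfNames and one member DN per memberUid."""
    dn, attrs = parse_entry(ldif)
    if "posixgroup" not in [v.lower() for v in attrs.get("objectclass", [])]:
        raise ValueError("not a posixGroup entry")
    uids = list(dict.fromkeys(attrs.get("memberuid", [])))  # de-duplicate, keep order
    if not uids:
        raise ValueError("groupOfNames needs at least one member")
    lines = ["dn: " + dn, "changetype: modify", "add: objectClass",
             "objectClass: groupOfNames", "-", "add: member"]
    lines += ["member: uid=%s,%s" % (escape_rdn_value(u), users_base) for u in uids]
    return "\n".join(lines) + "\n"
```

Calling `group_of_names_change(SAMPLE_LDIF, "ou=users,dc=feedbackplusinc,dc=com")` returns the change as a string that can be reviewed before it is fed to `ldapmodify`.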