[Date Prev][Date Next] [Chronological] [Thread] [Top]

RE: "children" keyword in the field <what> of an ACL

To: <openldap-software@OpenLDAP.org>
Subject: RE: "children" keyword in the field <what> of an ACL
From: François Beretti <francois.beretti@enatel.com>
Date: Fri, 5 Sep 2003 15:11:41 +0200
Importance: Normal
In-reply-to: <m37k4n32i1.fsf@marin.l4b.de>

Hi Dieter,

Thank you for the information !
But using aci would force me to fill the openLDAPaci attribute
every time I add an entry under a user...

Am I wrong ?

If I am not, it's a (ok, little) problem for me because it is going to me
more difficult to maintain than one statement in slapd.conf :)



Francois Beretti

-----Message d'origine-----
De : owner-openldap-software@OpenLDAP.org
[mailto:owner-openldap-software@OpenLDAP.org]De la part de Dieter
Kluenter
Envoyé : vendredi 5 septembre 2003 13:21
À : openldap-software@OpenLDAP.org
Objet : Re: "children" keyword in the field <what> of an ACL

You may want to have a look at access control information (aci). You
could grant permissions to each subentry by defining indiviual access-id's
which could be a users DN. An aci could look like

dn:cn=storage
objectclass:whatever
userPassword:xxxx
openLDAPaci:1.3.6.1.4.1.14658.3.3#entry#grant;w,r,s,c;userPassword#access-id
#cn=admanager,o=kluenter

In this example write access to the attribute userPassword is granted
to the access-id "cn=admanger,o=kluenter". For more info see

http://www.openldap.org/faq/data/cache/634.html

-Dieter

--
Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de
http://www.avci.de


____________
Virus checked by G DATA AntiVirusKit
Version: AVK 12.0.559 from 03.09.2003
Virus news: www.antiviruslab.com

References:
- Re: "children" keyword in the field <what> of an ACL
  - From: Dieter Kluenter <dieter@dkluenter.de>

Prev by Date: ACL Help...
Next by Date: RE: Front end to openldap?
Index(es):
- Chronological
- Thread