[Date Prev][Date Next] [Chronological] [Thread] [Top]

Access Control by Organizational Unit?

I would like to implement an ldap scheme so that each
department which is an organizational unit has a
person who can control the entries for their
department and no others.  

By this I mean that that person will have the right to
add/delete/modify entries in their own ou only.

I am new at this, and somewhat confused.  It seems
from some of the answers I have found in the list
archives suggest this is the case, and it seems so
from reading the docs, especially the Chapter 5 Access
Control section.   But, I am a little confused by the
syntax there.  I can find no "real-world" examples of
how to set this up in the /etc/openldap/slapd.conf
configuration file.  

This is on a Fedora Core 1 system.

Does anyone have any examples of how to do this while
allowing the overall ldap-admin acces to all?  Or a
pointer to some (any) examples?

Thanks in advance,


Do you Yahoo!?
SBC Yahoo! - Internet access at a great low price.