Re: OpenLDAP: ACL : urgent

--On Monday, June 07, 2004 5:00 PM +0800 "Sivasakthi d/o Sivagnanam" <sakthi@digicert.com.my> wrote:


I have the following structure for my OpenLDAP DIT:-
ROOT has subtree A and subtree B

How do I go about setting a specific username|password for subtree B so
that only a group of users is able to read only, write only and
read+write ?

There's not a whole lot here to go on.

You don't lock down a tree by username/password. You set up ACLs saying what group of users (or users) have access to a tree.


# dn.subtree covers cn=treeB and every entry below it; dn.base would only
# match the cn=treeB entry itself, not the subtree the question is about.
access to dn.subtree="cn=treeB,dc=digicert,dc=com,dc=my"
      by group.base="cn=usergroup,dc=digicert,dc=com,dc=my" read
      by dn.base="uid=sakthi,dc=digicert,dc=com,dc=my" write
      by * break

or something along those lines.  I suggest reading:

man slapd.access

to see how to do write only (since "write" implies read+write).
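As an added example (not from the original thread), here is a complete slapd.conf ACL set for the layout described above, using assumed group names and DNs, that gives one group read-only, one group write-only and one group read+write on subtree B:

```conf
# Assumed DIT: dc=digicert,dc=com,dc=my with subtrees cn=treeA and cn=treeB.
# Group and user DNs below are placeholders for this example.

# Users must be able to authenticate before any group membership can apply:
# "auth" lets a bind compare the password without ever returning it.
access to attrs=userPassword
        by self write
        by anonymous auth
        by * none

# Subtree B: the first matching "by" clause wins, so list the most
# privileged group first. "write" implies read, search and compare as well.
access to dn.subtree="cn=treeB,dc=digicert,dc=com,dc=my"
        by group.exact="cn=treeB-writers,dc=digicert,dc=com,dc=my" write
        # "=w" grants exactly the write privilege and nothing else: members
        # can add/modify entries they know the DN of but cannot read or
        # search them. This is the "write only" case from slapd.access(5).
        by group.exact="cn=treeB-submitters,dc=digicert,dc=com,dc=my" =w
        by group.exact="cn=treeB-readers,dc=digicert,dc=com,dc=my" read
        by * none

# Everything else (including subtree A) stays readable to authenticated
# users only. This directive must come AFTER the treeB one, since access
# directives are also evaluated in order of first match on the target DN.
access to *
        by users read
        by * none
```

Groups are expected to be groupOfNames entries with `member` attributes; use `group/groupOfUniqueNames/uniqueMember` in the `by` clause if your groups use that object class instead.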


