Re: ACL question

Mario Ohnewald wrote:
I am using openldap 2.2.14.
I would like to give a user the permission to write all the sub-entries of a
E.g. The Production Manager is allowed to maintain his Team. Every team
member is allowed to write its own entry.

 		dc=example,dc=net (1)
			o=adressbuch (3)
				cn=Ohnewald Mario
				ou=produktion (3)
					cn=Produktions Leiter

## Auth
access to attr=userPassword
 by self write
 by anonymous auth

Why is the "to" empty? I'm not sure it's the problem but you shall write "access to * attr=userPassword".
Consider reading the slapd.access man page.

# maintenance access to entries and subtrees in produktion for Produktions
access to dn.subtree="ou=produktion,o=adressbuch,dc=example,dc=net"
 by dn="cn=Produktions Leiter,ou=produktion,o=adressbuch,dc=example,dc=net"

## admin access
##self write permissions.
##Rest is none
access to *
 by dn="cn=Ohnewald Mario,o=adressbuch,dc=example,dc=net" write
 by self write
 by * none

I cannot even auth with this ACL and I am wondering what I am doing wrong.
Thanks, Mario