Re: ACL group
Alexandre Garel wrote:
I just posted a hint in another message that shall also do for you. Well,
I just read it in Faq-o-matic, never tested such a thing but maybe it's
what you need. See set explanation at
lucie wermer wrote:
Hi, it would be easier to make entries have an employeeType (or
manager or whichever you want) attribute which would be set to VIP. So
your ACL rule would be:
I have a directory in which people are in the branch "ou=People", and
groups in the branch "ou=groups".
I need an ACL to authorize an entry
"uid=manager,dc=org,dc=fr" to access the entries
that are members of a specific group.
Only this entry can access the entries from
"ou=people" that are in the group.
I hope I am clear enough.
Thanks for any help!
access to dn.children="ou=people,dc=org,dc=fr"
    by dn.exact="uid=manager,dc=org,dc=fr" write
    by * none
There is the possibility to use groups, but that's to specify who
can access an entry (and not which entry can be accessed). So that's the
contrary of your problem.
I am not such an ACL expert, so I don't know if your original request
can be satisfied.
With set you can do :
access to dn.one="ou=people,dc=org,dc=fr"
by dn.exact="uid=manager,dc=org,dc=fr" set="this &
by * none
If I understand faq-o-matic well, this checks that the user is the manager
and that the intersection of the entry DN with the values of the member
attribute in the VIP group. (Of course if you have, say, a
GroupOfUniqueNames you'll have to use uniqueMember instead of member.)
It's just a hint; you should try it if you like adventure. Maybe an ACL guru
on the list could confirm.
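
Added example, not part of the original thread and not OpenLDAP code: a simplified Python model of the decision the set-based rule above is meant to make, showing that the set tests the target entry against the group's member values while the dn.exact part tests the requester. The group DN cn=vip,ou=groups,dc=org,dc=fr, the alice and bob entries, and all function names are assumptions made for the illustration.

```python
# Simplified model of the ACL sketched in the thread:
#   access to dn.one="ou=people,dc=org,dc=fr"
#       by dn.exact="uid=manager,dc=org,dc=fr" set="this & [<group DN>]/member" write
#       by * none
# <group DN> is not given on the page; VIP_GROUP below is a hypothetical value.

MANAGER = "uid=manager,dc=org,dc=fr"
PEOPLE = "ou=people,dc=org,dc=fr"
VIP_GROUP = "cn=vip,ou=groups,dc=org,dc=fr"   # hypothetical group DN

# Constructed sample directory: alice is a group member, bob is not.
DIRECTORY = {
    VIP_GROUP: {"member": ["uid=alice,ou=people,dc=org,dc=fr"]},
    "uid=alice,ou=people,dc=org,dc=fr": {},
    "uid=bob,ou=people,dc=org,dc=fr": {},
}

def norm(dn):
    """Crude DN normalisation: lower-case, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def is_one_level_child(dn, base):
    """dn.one scope: the target sits exactly one RDN below the base."""
    dn, base = norm(dn), norm(base)
    return dn.endswith("," + base) and "," not in dn[: -len(base) - 1]

def set_this_and_members(target_dn, group_dn, attr="member"):
    """'this & [group_dn]/attr': a non-empty result means the set matches."""
    members = {norm(m) for m in DIRECTORY.get(group_dn, {}).get(attr, [])}
    return {norm(target_dn)} & members

def access(requester, target_dn):
    """Walk the 'by' clauses in order; the first matching clause decides."""
    if not is_one_level_child(target_dn, PEOPLE):
        return "not covered by this rule"
    # Both conditions of the first 'by' clause must hold at once.
    if norm(requester) == norm(MANAGER) and set_this_and_members(target_dn, VIP_GROUP):
        return "write"
    return "none"   # by * none

if __name__ == "__main__":
    for who in (MANAGER, "uid=alice,ou=people,dc=org,dc=fr"):
        for target in ("uid=alice,ou=people,dc=org,dc=fr", "uid=bob,ou=people,dc=org,dc=fr"):
            print(who, "->", target, ":", access(who, target))
```

For a GroupOfUniqueNames, pass attr="uniqueMember" and store the members under that key, matching the remark in the message above.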