
Re: allow admin group to write excluding specific users



No, I have separated groups like:

dn: cn=IT,ou=Groups,dc=bca,dc=edu,dc=gr
cn: IT
objectClass: groupOfUniqueNames
uniqueMember: cn=Some Name1,ou=Users,dc=mydomain,dc=edu,dc=com
uniqueMember: cn=Some Name2,ou=Users,dc=mydomain,dc=edu,dc=com

and all users under ou=Users,dc=mydomain,dc=edu,dc=com

Thanks

2008/8/14 Gavin Henry <ghenry@openldap.org>:
> Stelios A. wrote:
>>
>> Hello,
>>
>> I have a group called IT and another one called LDAP Admins. There are
>> 5 users under IT and 2 under LDAP Admins.
>> I'm looking for an acl where members of IT (groupOfUniqueNames) can
>> modify/write anywhere under ou=Users.... apart from those users under
>> the LDAP Admins group.
>> Can anyone give me some help with this, please?
>>
>> I've found only how to give access to IT group but not how to exclude
>> LDAP Admins (2 in total) where those 2 exist also under IT group.
>>
>> Any ideas?
>
> Your DIT sounds a bit messy. Do you have groups under ou=Users?
>
> What is your design?
>
> BTW, man slapd.access
>
>
> --
> Kind Regards,
>
> Gavin Henry.
> OpenLDAP Engineering Team.
>
> E ghenry@OpenLDAP.org
>
> Community developed LDAP software.
>
> http://www.openldap.org/project/
>



-- 
Stelios A
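
Added example, not part of the original thread and not taken from the OpenLDAP project: one way to express the requirement above in slapd.conf, relying on slapd.access first-match evaluation. The LDAP Admins group DN, the two admin entry DNs and the use of one suffix throughout are assumptions; the access levels are illustrative.

```conf
# Added example. All DNs are assumed placeholders; replace them with your own.
# slapd applies the FIRST "access to" clause that matches the target entry,
# and inside it the FIRST "by" clause that matches the requester, so the
# per-admin rules must come before the general ou=Users rule.
# Attribute-specific rules (for example one for userPassword) belong above
# all of these, otherwise "read" below also covers password hashes.

# Entries of the two LDAP Admins members (hypothetical names).
access to dn.exact="cn=Admin One,ou=Users,dc=mydomain,dc=edu,dc=com"
    by group/groupOfUniqueNames/uniqueMember="cn=LDAP Admins,ou=Groups,dc=mydomain,dc=edu,dc=com" write
    by group/groupOfUniqueNames/uniqueMember="cn=IT,ou=Groups,dc=mydomain,dc=edu,dc=com" read
    by * break

access to dn.exact="cn=Admin Two,ou=Users,dc=mydomain,dc=edu,dc=com"
    by group/groupOfUniqueNames/uniqueMember="cn=LDAP Admins,ou=Groups,dc=mydomain,dc=edu,dc=com" write
    by group/groupOfUniqueNames/uniqueMember="cn=IT,ou=Groups,dc=mydomain,dc=edu,dc=com" read
    by * break

# Everything else under ou=Users: IT members may write.
access to dn.subtree="ou=Users,dc=mydomain,dc=edu,dc=com"
    by group/groupOfUniqueNames/uniqueMember="cn=IT,ou=Groups,dc=mydomain,dc=edu,dc=com" write
    by * break

# "by * break" hands other requesters to whatever rules follow; if no later
# rule matches, slapd's implicit final rule denies access.
```

The two admins are also IT members, so in the per-admin rules they match the LDAP Admins clause first and keep write access, while IT-only members stop at read. A new LDAP Admins member needs a matching dn.exact rule added, since the target of a rule is selected by DN here, not by group membership.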