[Date Prev][Date Next]
Re: allow admin group to write excluding specific users
No, i have seperated Groups like:
uniqueMember: cn=Some Name1,ou=Users,dc=mydomain,dc=edu,dc=com
uniqueMember: cn=Some Name2,ou=Users,dc=mydomain,dc=edu,dc=com
and all users under ou=Users,dc=mydomain,dc=edu,dc=com
2008/8/14 Gavin Henry <firstname.lastname@example.org>:
> Stelios A. wrote:
>> I have a group called IT and another one called LDAP Admins. There are
>> 5 users under IT and 2 under LDAP Admins.
>> I'm looking for an acl where members of IT (groupOfUniqueNames) can
>> modify/write anywhere under ou=Users.... apart from those users under
>> the LDAP Admins group.
>> Can anyone give me a help about this please.
>> I've found only how to give access to IT group but not how to exclude
>> LDAP Admins (2 in total) where those 2 exist also under IT group.
>> Any ideas?
> Your DIT sounds a bit messy. Do you have groups under ou=Users?
> What is your design?
> BTW, man slapd.access
> Kind Regards,
> Gavin Henry.
> OpenLDAP Engineering Team.
> E ghenry@OpenLDAP.org
> Community developed LDAP software.