[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: allow admin group to write excluding specific users



----- "Stelios A." <stelios.a@gmail.com> wrote:

> No, i have seperated Groups like:
> 
> dn: cn=IT,ou=Groups,dc=bca,dc=edu,dc=gr
> cn: IT
> objectClass: groupOfUniqueNames
> uniqueMember: cn=Some Name1,ou=Users,dc=mydomain,dc=edu,dc=com
> uniqueMember: cn=Some Name2,ou=Users,dc=mydomain,dc=edu,dc=com
> 
> and all users  under ou=Users,dc=mydomain,dc=edu,dc=com

OK, just grant one group write and not the other. Remember,
ACLs are accessed from top down. There are plenty of examples 
on the FAQ:

http://www.openldap.org/faq/data/cache/52.html

Again, also read the man page.

Thanks.

-- 
Kind Regards,

Gavin Henry.

T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry@suretecsystems.com

Open Source. Open Solutions(tm).

http://www.suretecsystems.com/