ACLs for children entry
- To: openldap-technical@openldap.org
- Subject: ACLs for children entry
- From: Natalia <nata.cs2@gmail.com>
- Date: Thu, 22 Mar 2012 14:22:45 +0100
Hello,
I have the following tree structure in LDAP:
ou=people,dc=example,dc=com
uid=user1,ou=people,dc=example,dc=com
cn=child1,uid=user1,ou=people,dc=example,dc=com
cn=child2,uid=user1,ou=people,dc=example,dc=com
uid=user2,ou=people,dc=example,dc=com
..
I would like to set up access in such a way that if the father's account (uid=user1,ou=people,dc=example,dc=com) is inactivated (description=inaktiv), all children become inaccessible.
I have tried this, but it has not worked:
to dn.regex="uid=([^,]+),ou=people,dc=example,dc=com" filter="(description=inaktiv)" attrs=children
    by group.exact="cn=ldapadmin,dc=example,dc=com" tls_ssf=128 sasl_ssf=56 write
    by * none
Is it possible to implement such a thing?
Thanks in advance for help!
Natalia
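
An added example, not part of the original post and not slapd code: a simplified Python model of how the `to` clause of the rule above selects its targets, run over constructed entries that mirror the tree in the post. It assumes the documented slapd.access semantics that the filter is tested against the target entry itself and that the `children` pseudo-attribute governs adding and deleting entries below the target, while reading an entry needs its `entry` pseudo-attribute; the function names are hypothetical.

```python
import re

# Constructed sample entries mirroring the tree in the post.
ENTRIES = {
    "uid=user1,ou=people,dc=example,dc=com": {"description": ["inaktiv"]},
    "cn=child1,uid=user1,ou=people,dc=example,dc=com": {},
    "cn=child2,uid=user1,ou=people,dc=example,dc=com": {},
    "uid=user2,ou=people,dc=example,dc=com": {},
}

# The <what> part of the posted rule.
DN_REGEX = re.compile(r"uid=([^,]+),ou=people,dc=example,dc=com")
FILTER = ("description", "inaktiv")
ATTRS = {"children"}


def what_matches(dn, attr):
    """Simplified model: does the rule's `to` clause select (dn, attr)?"""
    if not DN_REGEX.search(dn):      # unanchored, so child DNs match as well
        return False
    name, value = FILTER             # the filter is tested on the target entry
    if value not in ENTRIES[dn].get(name, []):
        return False
    return attr in ATTRS


def selected_for_read():
    """Entries whose `entry` pseudo-attribute (needed to read) the rule covers."""
    return [dn for dn in ENTRIES if what_matches(dn, "entry")]


def under_inactive_parent():
    """What the post wants hidden: entries whose parent has description=inaktiv."""
    hidden = []
    for dn in ENTRIES:
        parent = dn.split(",", 1)[1]  # naive split, ignores escaped commas
        if "inaktiv" in ENTRIES.get(parent, {}).get("description", []):
            hidden.append(dn)
    return hidden


if __name__ == "__main__":
    print("rule covers for read:", selected_for_read())
    print("intended to be hidden:", under_inactive_parent())
```

In this model the rule selects only the `children` pseudo-attribute of uid=user1 and never the child entries, because they do not carry description=inaktiv themselves, so read access to them falls through to whatever rules follow.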