[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Usage of groups in an access control



Marco de Booij wrote:
> access to dn.children="ou=abk1,ou=Addressbooks,dc=example,dc=com"
>         by dn="cn=admin,dc=example,dc=com" write
>         by groupOfNames="cn=abk-admin,ou=Roles,dc=example,dc=com" write
>         by groupOfNames="cn=abk-user,ou=Roles,dc=example,dc=com" read
>         by * none

You should probably read the slapd.access(5) man page more throroughly.

Also the pages in the FAQ-O-MATIC are a good entry point:
http://www.openldap.org/faq/data/cache/189.html

In particular for group-based ACL:
http://www.openldap.org/faq/data/cache/52.html

Ciao, Michael.

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature