[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Usage of groups in an access control

Like I wrote in my question I already read http://www.openldap.org/faq/data/cache/52.html. The entries in my LDAP are a near copy of the first part:

dn: ou=abk1,ou=Addressbooks,dc=example,dc=com
ou: abk1
objectClass: organizationalUnit
objectClass: top

dn: cn=abk-admin,ou=Roles,dc=example,dc=com
objectClass: groupOfNames
member: cn=My ENTRY,ou=People,dc=example,dc=com
cn: abk-admin

The slapd.access is an avalanche of information. I confuses me. Also the other pages do not make it any clearer to me. I do not see why I should use regex expressions. My knowledge is very basic.

I just connect with a member of the group (ex "cn=My ENTRY,ou=People,dc=example,dc=com") to the LDAP and insert or delete an email address entry.


Op 27-01-13 13:10, Michael Ströder schreef:
Marco de Booij wrote:
access to dn.children="ou=abk1,ou=Addressbooks,dc=example,dc=com"
         by dn="cn=admin,dc=example,dc=com" write
         by groupOfNames="cn=abk-admin,ou=Roles,dc=example,dc=com" write
         by groupOfNames="cn=abk-user,ou=Roles,dc=example,dc=com" read
         by * none
You should probably read the slapd.access(5) man page more throroughly.

Also the pages in the FAQ-O-MATIC are a good entry point:

In particular for group-based ACL:

Ciao, Michael.