On Wed, 13 Nov 2013 16:11:03 +0100, Denny Fuchs <linuxmail@4lin.net> wrote:
> hi,
>
> I plan the new ACL layout for our Wheezy LDAP server.
>
> Our layout:
>
> Main suffix: dc=example,dc=com
>
> then the first department:
>
> ou=department1,dc=example,dc=com
> ou=people,ou=department1,dc=example,dc=com
> uid=foobar,ou=people,ou=department1,dc=example,dc=com
> [...]
>
> ou=groups,ou=department1,dc=example,dc=com
> gid=students,ou=groups,ou=department1,dc=example,dc=com
> [...]
>
> ou=roles,ou=department1,dc=example,dc=com
> cn=mail,ou=roles,ou=department1,dc=example,dc=com
> cn=admins,ou=roles,ou=department1,dc=example,dc=com
>
> ou=services,ou=department1,dc=example,dc=com
> ou=mail,ou=services,ou=department1,dc=example,dc=com
> cn=aliases,ou=mail,ou=services,ou=department1,dc=example,dc=com
> [...]
>
> next department2, the same:
>
> ou=department2,dc=example,dc=com
> ou=people,ou=department2,dc=example,dc=com
> uid=foobar,ou=people,ou=department2,dc=example,dc=com
>
> [...]
> [...]
> ....
>
> complete the same one, as department1
>
> Now I am stuck on the ACLs. I want to make use of RegEx, so that every
> department has its own roles, groups and admins and access only to
> their (for example) services.

[...]

You may want to read
http://www.openldap.org/faq/data/cache/1133.htm
http://www.openldap.org/faq/data/cache/1134.html

-Dieter

--
Dieter Klünter | Systemberatung
http://dkluenter.de
GPG Key ID:DA147B05
53°37'09,95"N
10°08'02,42"E
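Added example, not part of the original message or of the linked FAQ entries: one slapd.conf-style rule for the layout quoted above that scopes each department's services subtree to that department's own admins and people. It assumes that cn=admins,ou=roles,ou=<department>,dc=example,dc=com is a groupOfNames entry listing the admin DNs in its member attribute.

```conf
# Added example. Assumption: cn=admins,ou=roles,ou=<dept>,dc=example,dc=com
# is a groupOfNames entry whose "member" values are the department admins.

# Target: the services subtree of any department.
#   $1 = optional leading RDNs (entries below ou=services)
#   $2 = department name
# [^,]+ keeps the capture inside a single RDN, so it cannot swallow
# "department1,ou=other"; ^ and $ stop the pattern from matching in the
# middle of a longer DN.
access to dn.regex="^(.+,)?ou=services,ou=([^,]+),dc=example,dc=com$"
    # admins of the same department ($2 substituted, then exact group lookup)
    by group.expand="cn=admins,ou=roles,ou=$2,dc=example,dc=com" write
    # users located under the same department's ou=people
    by dn.children,expand="ou=people,ou=$2,dc=example,dc=com" read
    # everyone else, including identities from other departments
    by * none
```

slapd stops at the first `access to` clause whose target matches, so this rule has to be placed before any broader rule covering dc=example,dc=com. With cn=config the same rule text goes into an olcAccess value on the database entry.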