
ACL Question



Hello

I have a problem with ACLs. We have the following structure:

dc=a,dc=b,dc=c
|
|-ou=ww-a
|
|-ou=ww-b
|
|-ou=ww-c
|
|-ou=ww-x
|
|-ou=system

In each of ww-a, b, c ... x we have users and groups.
In system we have system accounts (in groups and users).

When we search with an LDAP client like the Thunderbird address book, the users in system should not be visible.

I used the following rule, but it didn't work:

olcAccess: {1}to filter="(objectclass=inetOrgperson)" attrs=entry,uid,sn,cn,mail,givenName by dn="cn=ad,ou=sys_ad,ou=people,dc=a,dc=b,dc=c" read by * none

With the following rule, I found all users (incl. ad, admin and so on):

olcAccess: {1}to filter="(objectclass=*)" attrs=entry,uid,sn,cn,mail,givenName by dn="cn=ad,ou=system,dc=a,dc=b,dc=c" read by * none


I want to avoid regex when possible.

Karl Heinz