[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: Admin roles by group membership per OU
Le 11/10/2017 à 17:31, Ervin Hegedüs a écrit :
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to * by * read
olcAccess: {3}to dn.children="ou=ABC Customer,dc=mycompany,dc=hu" by self write by group.exact="cn=groupabcadmin,ou=ABC Customer,dc=mycompany,dc=hu" write by * auth
The rule {2} catches all requests (to * by *) so rule {3} is never applied.
You can do :
olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by
anonymous auth by * none
olcAccess: {1}to dn.base="" by * read
olcAccess: {2}to dn.children="ou=ABC Customer,dc=mycompany,dc=hu" by
self write by group.exact="cn=groupabcadmin,ou=ABC
Customer,dc=mycompany,dc=hu" write by * none
olcAccess: {3}to * by * read
--
Clément OUDOT
Consultant en logiciels libres, Expert infrastructure et sécurité
Savoir-faire Linux
137 boulevard de Magenta - 75010 PARIS
Blog: http://sflx.ca/coudot