
Re: Admin roles by group membership per OU



--On Monday, October 16, 2017 5:55 PM +0200 Ervin Hegedüs <airween@gmail.com> wrote:


without any real testing, I'm afraid that the rule{0} gives the
write access to cn=groupabcadmin to _all_ db, not just the ou=ABC
Customer subtree.

Am I right?

Hm, yes, that's correct. You'll need to do something like utilize by * break appropriately, or have multiple "access to userPassword" ACLs by group, then a catchall after that.

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>
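
The scoping fix suggested in the reply above, written out as an added slapd.conf sketch (not from the original thread). The suffix dc=example,dc=com, the ou=Groups container and the second customer (ou=XYZ Customer, cn=groupxyzadmin) are assumed placeholders, and the commented-out rule is a constructed stand-in for the unscoped rule the question describes:

```conf
# Too broad (constructed illustration): with no DN scope in the "to"
# clause, the group gets write on userPassword in every entry of the
# database, not only in its own customer subtree.
#
# access to attrs=userPassword
#     by group.exact="cn=groupabcadmin,ou=Groups,dc=example,dc=com" write
#     by self write
#     by anonymous auth
#     by * none

# Scoped: one rule per customer subtree. Only the matching admin group
# is granted write here; "by * break" hands everyone else on to the
# next matching rule instead of stopping at an implicit "by * none".
access to dn.subtree="ou=ABC Customer,dc=example,dc=com" attrs=userPassword
    by group.exact="cn=groupabcadmin,ou=Groups,dc=example,dc=com" write
    by * break

access to dn.subtree="ou=XYZ Customer,dc=example,dc=com" attrs=userPassword
    by group.exact="cn=groupxyzadmin,ou=Groups,dc=example,dc=com" write
    by * break

# Catch-all for userPassword: reached by anyone the scoped rules did
# not grant access to, in any subtree.
access to attrs=userPassword
    by self write
    by anonymous auth
    by * none
```

Without `by * break`, each per-group rule would have to repeat the `by self write` and `by anonymous auth` clauses, because evaluation stops at the first rule whose "to" clause matches the entry. After loading, `slapacl` can confirm that a member of cn=groupabcadmin gets write on userPassword only for entries under ou=ABC Customer.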