
Re: Group with admin privileges




access to *
    by group.base="cn=admins,dc=cellnet,dc=com" write
    by * read

| --On Thursday, February 19, 2004 9:15 AM -0600 "Aaron M. Hirsch"
| <Aaron.Hirsch@atosorigin.com> wrote:
|
|>     by dn.base="cn=admins,dc=cellnet,dc=com" write
|
|
| 1) You need to use the group.base directive
| group.base="cn=admins,dc=cellnet,dc=com"
|
I modified the by dn.base to group.base

access to attrs=userPassword,telephoneNumber,mobile,mail
    by self write
    by anonymous auth
    by group.base="cn=admins,dc=cellnet,dc=com" write
    by * none

| 2) For groups, you use the member attribute, indicating the fully
| qualified DN's that the entities will have when binding:
|
I also changed the objectClass of admins to groupOfNames per your advice.

| dn: cn=ldapAdmin,cn=Applications,dc=stanford,dc=edu
| objectClass: groupOfNames
| cn: ldapAdmin
| member: uid=quanah,cn=Accounts,dc=stanford,dc=edu


All is working now! Thanks a lot for your help!

--
Aaron M. Hirsch
Atos Origin - Cellnet
11146 Thompson Ave.
Lenexa, KS 66219
Work:(913) 312-4717
Fax:(913) 312-4701
Mobile:(913) 284-9094
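
An added example, not part of the original message and not OpenLDAP's own code: a simplified Python model of how the `by` clauses of the attrs rule above are matched, showing why `dn.base` with the group's DN gives the admins nothing while `group.base` gives write to the group's members. The user DNs and helper names are hypothetical, and real slapd evaluation covers more cases than this models.

```python
# Added example: simplified model of slapd <by> clause matching (not OpenLDAP code).
ADMINS = "cn=admins,dc=cellnet,dc=com"
ALICE = "uid=alice,ou=people,dc=cellnet,dc=com"  # hypothetical admin user
BOB = "uid=bob,ou=people,dc=cellnet,dc=com"      # hypothetical ordinary user

# Constructed directory holding only the group entry.
DIRECTORY = {ADMINS: {"objectClass": ["groupOfNames"], "member": [ALICE]}}


def norm(dn):
    """Crude DN normalisation: lowercase, no spaces around commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def who_matches(who, bind_dn, target_dn):
    kind, _, value = who.partition("=")
    value = value.strip('"')
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None
    if bind_dn is None:
        return False
    if who == "self":
        return norm(bind_dn) == norm(target_dn)
    if kind == "dn.base":  # the binder's own DN must equal this DN
        return norm(bind_dn) == norm(value)
    if kind == "group.base":  # the binder must be a member of this group entry
        entry = DIRECTORY.get(norm(value), {})
        if "groupOfNames" not in entry.get("objectClass", []):
            return False
        return norm(bind_dn) in {norm(m) for m in entry.get("member", [])}
    raise ValueError(f"unsupported <who>: {who}")


def granted(by_clauses, bind_dn, target_dn):
    """First matching <by> clause wins; nothing matching means no access."""
    for who, level in by_clauses:
        if who_matches(who, bind_dn, target_dn):
            return level
    return "none"


def rule(admin_who):
    """The attrs=userPassword,... rule from the message, with one <who> swapped."""
    return [("self", "write"), ("anonymous", "auth"),
            (f'{admin_who}="{ADMINS}"', "write"), ("*", "none")]


if __name__ == "__main__":
    for who in ("dn.base", "group.base"):
        print(who, "-> alice on bob's entry:", granted(rule(who), ALICE, BOB))
```

With `dn.base` the only identity that reaches the admin clause is one that binds as the group entry's own DN, which no user does, so group members fall through to `by * none`.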