
Re: simple acl



Hi again,
I have a little more advanced ACL now. (OpenLDAP 2.2.14)
My aim is to allow the admin full write permissions, and the room admins to
be able to manage their ou=room1 and room2.

Here is my ACL:

## Auth users
access to attr=userPassword
 by self write
 by anonymous auth
 by * none

## Full Admin Access
access to *
 by self write
 by dn="cn=admin,o=addressbook,dc=example,dc=net" write
 by * read

## room1 admin access limited to ou=room1
access to dn="ou=room1,o=addressbook,dc=example,dc=net"
 by self write
 by dn="cn=room1_admin,ou=room2,o=addressbook,dc=example,dc=net" write
 by * read

## room2 admin access limited to ou=room1
access to dn="ou=room2,o=addressbook,dc=example,dc=net"
 by self write
 by dn="cn=room2_admin,ou=room2,o=addressbook,dc=example,dc=net" write
 by * read

Now when I want to log in with Evolution, Evolution crashes.
Am I using nonsense rules which make it crash, or what's going on here?

The Full Admin account works perfectly.


My DB:
- addressbook
  - room1
    - user1
    - user2
    - room1_admin

  - room2
    - user4
    - user5
    - room2_admin


Thank you very much, Mario

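Added example (not part of the original message): a small Python model of how slapd selects an access directive, taking the first matching "access to" and then the first matching "by", run over the directives as posted. The function names, the dn.subtree scope used for the dn selectors and the REORDERED list are assumptions of this example.

```python
# Added example: simplified model of slapd's first-match ACL evaluation.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]
BASE = "o=addressbook,dc=example,dc=net"

def what_matches(what, entry_dn, attr):
    kind, value = what
    if kind == "*":
        return True
    if kind == "attr":
        return attr == value
    # Assumption: dn selectors are modelled with dn.subtree scope.
    return entry_dn == value or entry_dn.endswith("," + value)

def who_matches(who, requester_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return requester_dn is None
    if who == "self":
        return requester_dn is not None and requester_dn == entry_dn
    return requester_dn == who  # a literal bind DN

def granted_level(acl, requester_dn, entry_dn, attr):
    for what, by_clauses in acl:           # first matching <what> wins
        if what_matches(what, entry_dn, attr):
            for who, level in by_clauses:  # first matching <who> wins
                if who_matches(who, requester_dn, entry_dn):
                    return level
            return "none"                  # implicit trailing "by * none"
    return "none"                          # no directive matched

def allowed(acl, requester_dn, entry_dn, attr, wanted):
    got = granted_level(acl, requester_dn, entry_dn, attr)
    return LEVELS.index(got) >= LEVELS.index(wanted)

def room_rule(room, admin_dn):
    return (("dn", f"ou={room},{BASE}"),
            [("self", "write"), (admin_dn, "write"), ("*", "read")])

# Directives transcribed from the post, by-clause DNs exactly as posted.
PASSWORD = (("attr", "userPassword"),
            [("self", "write"), ("anonymous", "auth"), ("*", "none")])
CATCH_ALL = (("*", None),
             [("self", "write"), (f"cn=admin,{BASE}", "write"), ("*", "read")])
ROOM1 = room_rule("room1", f"cn=room1_admin,ou=room2,{BASE}")
ROOM2 = room_rule("room2", f"cn=room2_admin,ou=room2,{BASE}")

AS_POSTED = [PASSWORD, CATCH_ALL, ROOM1, ROOM2]
REORDERED = [PASSWORD, ROOM1, ROOM2, CATCH_ALL]  # specific before "access to *"
```

With AS_POSTED every request for a non-password attribute is decided by "access to *", so the room directives are never consulted. In REORDERED a room1_admin located under ou=room1, as in the tree listing, still gets only read, because the posted by clause names it under ou=room2.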