
Re: ACL question



Mario Ohnewald wrote:
Hello!
I am using openldap 2.2.14.
I would like to give a user the permission to write all the sub-entries of an
organisationUnit.
E.g. the Production Manager is allowed to maintain his team. Every team
member is allowed to write their own entry.

 		dc=example,dc=net (1)
			o=adressbuch (3)
				cn=Ohnewald Mario
				ou=produktion (3)
					cn=Arbeiter1
					cn=Arbeiter2
					cn=Produktions Leiter

## Auth
access to attr=userPassword
 by self write
 by anonymous auth
  
Why is the to empty ? I'm not sure it's the problem but you shall write "access to * attr=userPassword"
consider reading slapd.access man page.
# maintenance access to entries and subtrees in produktion for Produktions Leiter
access to dn.subtree="ou=produktion,o=adressbuch,dc=example,dc=net"
 by dn="cn=Produktions Leiter,ou=produktion,o=adressbuch,dc=example,dc=net" write


## admin access
##self write permissions.
##Rest is none
access to *
 by dn="cn=Ohnewald Mario,o=adressbuch,dc=example,dc=net" write
 by self write
 by * none


I cannot even auth with this ACL and I am wondering what I am doing wrong
here.
Thanks, Mario
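
An added example, not part of the original thread: a simplified Python model of slapd's first-match ACL evaluation (first matching `access to` clause, then first matching `by` clause, with the implicit trailing `by * none`), loaded with the three rules quoted above. DN matching is plain string comparison, and the function and constant names are assumptions of this sketch.

```python
# Simplified model of slapd ACL selection as described in slapd.access(5).
# Illustration only: real slapd normalizes DNs and supports many more selectors.
BASE = "o=adressbuch,dc=example,dc=net"
ADMIN = "cn=Ohnewald Mario," + BASE
PROD = "ou=produktion," + BASE
LEITER = "cn=Produktions Leiter," + PROD
ARBEITER1 = "cn=Arbeiter1," + PROD
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

# Each rule: (what(entry_dn, attr), [(who(requester, entry_dn), level), ...])
# A requester of None stands for an anonymous connection.
RULES = [
    # access to attr=userPassword / by self write / by anonymous auth
    (lambda dn, attr: attr == "userPassword",
     [(lambda who, dn: who == dn, "write"),
      (lambda who, dn: who is None, "auth")]),
    # access to dn.subtree="ou=produktion,..." / by dn="cn=Produktions Leiter,..." write
    (lambda dn, attr: dn == PROD or dn.endswith("," + PROD),
     [(lambda who, dn: who == LEITER, "write")]),
    # access to * / by admin write / by self write / by * none
    (lambda dn, attr: True,
     [(lambda who, dn: who == ADMIN, "write"),
      (lambda who, dn: who == dn, "write"),
      (lambda who, dn: True, "none")]),
]

def granted(who, entry_dn, attr):
    """Return the access level `who` gets on `attr` of `entry_dn`."""
    for what, by_clauses in RULES:
        if what(entry_dn, attr):               # first matching <what> is selected
            for matches, level in by_clauses:
                if matches(who, entry_dn):     # first matching <who> decides
                    return level
            return "none"                      # implicit trailing "by * none"
    return "none"                              # no rule matched: access denied

def can(who, entry_dn, attr, needed):
    """True if the granted level is at least `needed`."""
    return LEVELS.index(granted(who, entry_dn, attr)) >= LEVELS.index(needed)

if __name__ == "__main__":
    for who in (ARBEITER1, LEITER, ADMIN):
        for attr in ("userPassword", "telephoneNumber"):
            print(who.split(",")[0], attr, granted(who, ARBEITER1, attr))
```

With these rules, `cn=Arbeiter1` gets `write` on its own `userPassword` but `none` on its other attributes, and the admin DN gets `none` anywhere under `ou=produktion`, because the subtree rule is selected before `access to *` is reached.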