
Re: apping ACLs to groupmembers



Andreas Schuldei <andreas@schuldei.org> writes:

> * Dieter Kluenter (dieter@dkluenter.de) [040117 17:44]:
>> Andreas Schuldei <andreas@schuldei.org> writes:

>> If you are looking for access control not based on subtrees but on
>> entries you should try aci's.
>
> this has become an issue again and still needs solving.
>
> to clarify: 
>
> members in group A can write to certain attributes of entries in group B.
> members in group C can write to certain attributes of entries in group A and B.
>
> the groups are hybrids of posixGroup and groupOfNames.

Read man slapd.access(5), there are some samples on attributelists.
Furthermore this could be achieved with set, for sample configuration
search the archive, as Ando has mailed a few examples lately. The
following faqs may help as well.

http://www.openldap.org/faq/data/cache/634.html
http://www.openldap.org/faq/data/cache/759.html
http://www.openldap.org/faq/data/cache/1133.html
http://www.openldap.org/faq/data/cache/1134.html

-Dieter

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:01443B53