[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access control for multiple admins

Luiz Marcelo <85marcelo@gmail.com> writes:

> Hello everyone!
> Good, I have a scenario where two directors write on the same basis, eg
> "cn=admin1,dc=domain,dc=com" and
> "cn=admin2,dc =domain,dc=com"
> In a general scope, both have written permission from the base. However,
> assuming the user admin1 adds the entry:
> "uid=john,ou=people,dc=domain,dc=com", only the admin1 user can modify
> this entry, so each admin should only modify their own entries created
> in any part of the base.
> Someone would have any idea how I could create an access control list
> for this

I can provide an idea, but not a working solution :-)
You may create  a set access rule that only allows write access to an
entry if attribute value of creatorsName corresponds to present
authenticated user.
Unfortunately there is almost no information available on sets, but
you may search the archiv of openldap-software mailinglist and


Dieter Klünter | Systemberatung
sip: 7770535@sipgate.de