List: ldap
Subject: [ldap] Access-list problem
From: "Paul Dekkers" <bb+lists.ldap () vet ! fnt ! hvu ! nl>
Date: 2002-10-28 13:07:17
Hi,
I'm thinking of an access-list design where I can specify some admins in
an Organisational Unit where those admins can modify the users in the
Organisational Unit.
An ACL like this is close to what I need:
    access to dn="ou=Customer,ou=Accounts,o=Organisation"
        by group="cn=Admins,o=Organisation" write
        by group="cn=Admins,ou=Customer,ou=Accounts,o=Organisation" write
        by anonymous auth
        by * none
I don't want, however, to specify this ACL for every Customer we have. So the
ou=CustomerX would better be some kind of variable, which is the same as
the ou=CustomerX of the admin's group. If I specify
    access to dn="ou=.*,ou=Accounts,o=Organisation"
        by group="cn=Admins,o=Organisation" write
        by group="cn=Admins,ou=.*,ou=Accounts,o=Organisation" write
        by anonymous auth
        by * none
this of course is not the solution, since every Admin of every Customer
can edit all user-data of other Customers :-(
Is this possible with ACLs? Is there maybe some more advanced regex
possible?
Thank you in advance,
Paul
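
Added example, not part of the original message: a small Python model of the two access rules discussed above, showing why independently matched ou=.* patterns let one customer's admin write to another customer's entries, and how tying the group DN to the ou captured from the target entry closes that gap. The directory contents, the uid entries and the function names are constructed for illustration, and the target pattern is anchored for simplicity; OpenLDAP's slapd.access(5) documents the bound form as a dn.regex target combined with group.expand and $1 substitution, so check the man page for your slapd version.

```python
import re

# Constructed sample directory: group DN -> member DNs (not from the original post).
GROUPS = {
    "cn=admins,o=organisation": {"uid=root,o=organisation"},
    "cn=admins,ou=customera,ou=accounts,o=organisation":
        {"uid=alice,ou=customera,ou=accounts,o=organisation"},
    "cn=admins,ou=customerb,ou=accounts,o=organisation":
        {"uid=bob,ou=customerb,ou=accounts,o=organisation"},
}
GLOBAL_ADMINS = "cn=admins,o=organisation"
# Entries at or below ou=<customer>,ou=Accounts,o=Organisation; group 1 is the customer.
TARGET = re.compile(r"^(?:.+,)?ou=([^,]+),ou=accounts,o=organisation$")
ANY_CUSTOMER_ADMINS = re.compile(r"^cn=admins,ou=[^,]+,ou=accounts,o=organisation$")


def norm(dn):
    """Crude DN normalisation for this model: lower-case, no spaces around commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))


def wildcard_rule(who, entry):
    """Second ACL from the post: the two ou=.* patterns are matched independently."""
    who, entry = norm(who), norm(entry)
    if not TARGET.match(entry):
        return False
    if who in GROUPS[GLOBAL_ADMINS]:
        return True
    # Membership in ANY customer's Admins group grants write on ANY customer.
    return any(ANY_CUSTOMER_ADMINS.match(g) and who in members
               for g, members in GROUPS.items())


def bound_rule(who, entry):
    """Customer ou captured from the target DN and substituted into the group DN."""
    who, entry = norm(who), norm(entry)
    m = TARGET.match(entry)
    if not m:
        return False
    if who in GROUPS[GLOBAL_ADMINS]:
        return True
    # Only the Admins group of the SAME customer as the target entry counts.
    group = f"cn=admins,ou={m.group(1)},ou=accounts,o=organisation"
    return who in GROUPS.get(group, set())
```
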