29 Jul
2008
29 Jul
'08
2:01 p.m.
On Tue, 29 Jul 2008, Michael Ströder wrote:
I have two suffixes with two bdb backends, in the first suffix you find internal and in the second suffix you find external users.
You could glue the suffixes together under a common suffix if it does not violate your security requirements and place slapo-unique there.
Presumably, the two suffix values are known in advance as constants. Therefore it should be fairly trivial to write ACLs along the lines of:
access to dn.subtree="ou=Area1,dc=suffix" [mostlyAllow] access to dn.subtree="ou=Area2,dc=suffix" [mostlyAllow] access to dn.subtree="dc=suffix" [mostlyDeny]
which should allow slapo-unique to be used (under access internal to slapd) while not granting additional access to the external world.