Isaac Gonzalez wrote:
Hi,
I've this estructure
dc=empresa,dc=com | Dep1 | |---------User1 |---------User11 Dep2 | |---------User2 |---------User22 Dep3 | |---------User3 |---------User33
I want that User1 and User11 (users under Dep1) can only access to Dep1, User1 and User11 data. --> Dep1 Subtree I want that User2 and User22 (users under Dep2) can only access to Dep2, User2 and User22 data. --> Dep2 Subtree I want that User3 and User33 (users under Dep3) can only access to Dep3, User3 and User33 data. --> Dep3 Subtree
It's correct this ACL? Can't be more simple?
#DEP1 ONLY ACCESS TO DEP1 access to dn.subtree="ou=Dep1,dc=empresa,dc=com" by dn.children="ou=Dep1,dc=empresa,dc=com" read by anonymous auth by * none
#DEP2 ONLY ACCESS TO DEP2 access to dn.subtree="ou=Dep2,dc=empresa,dc=com" by dn.children="ou=Dep2,dc=empresa,dc=com" read by anonymous auth by * none
#DEP3 ONLY ACCESS TO DEP3 access to dn.subtree="ou=Dep3,dc=empresa,dc=com" by dn.children="ou=Dep3,dc=empresa,dc=com" read by anonymous auth by * none
#ADMIN access to * by dn="cn=admin,dc=empresa,dc=com" write by anonymous auth by * none
Thanks and bye.
Have you resolved this?