Hi,
I've this estructure
dc=empresa,dc=com | Dep1 | |---------User1 |---------User11 Dep2 | |---------User2 |---------User22 Dep3 | |---------User3 |---------User33
I want that User1 and User11 (users under Dep1) can only access to Dep1, User1 and User11 data. --> Dep1 Subtree I want that User2 and User22 (users under Dep2) can only access to Dep2, User2 and User22 data. --> Dep2 Subtree I want that User3 and User33 (users under Dep3) can only access to Dep3, User3 and User33 data. --> Dep3 Subtree
It's correct this ACL? Can't be more simple?
#DEP1 ONLY ACCESS TO DEP1 access to dn.subtree="ou=Dep1,dc=empresa,dc=com" by dn.children="ou=Dep1,dc=empresa,dc=com" read by anonymous auth by * none
#DEP2 ONLY ACCESS TO DEP2 access to dn.subtree="ou=Dep2,dc=empresa,dc=com" by dn.children="ou=Dep2,dc=empresa,dc=com" read by anonymous auth by * none
#DEP3 ONLY ACCESS TO DEP3 access to dn.subtree="ou=Dep3,dc=empresa,dc=com" by dn.children="ou=Dep3,dc=empresa,dc=com" read by anonymous auth by * none
#ADMIN access to * by dn="cn=admin,dc=empresa,dc=com" write by anonymous auth by * none
Thanks and bye.
Isaac Gonzalez wrote:
Hi,
I've this estructure
dc=empresa,dc=com | Dep1 | |---------User1 |---------User11 Dep2 | |---------User2 |---------User22 Dep3 | |---------User3 |---------User33
I want that User1 and User11 (users under Dep1) can only access to Dep1, User1 and User11 data. --> Dep1 Subtree I want that User2 and User22 (users under Dep2) can only access to Dep2, User2 and User22 data. --> Dep2 Subtree I want that User3 and User33 (users under Dep3) can only access to Dep3, User3 and User33 data. --> Dep3 Subtree
It's correct this ACL? Can't be more simple?
#DEP1 ONLY ACCESS TO DEP1 access to dn.subtree="ou=Dep1,dc=empresa,dc=com" by dn.children="ou=Dep1,dc=empresa,dc=com" read by anonymous auth by * none
#DEP2 ONLY ACCESS TO DEP2 access to dn.subtree="ou=Dep2,dc=empresa,dc=com" by dn.children="ou=Dep2,dc=empresa,dc=com" read by anonymous auth by * none
#DEP3 ONLY ACCESS TO DEP3 access to dn.subtree="ou=Dep3,dc=empresa,dc=com" by dn.children="ou=Dep3,dc=empresa,dc=com" read by anonymous auth by * none
#ADMIN access to * by dn="cn=admin,dc=empresa,dc=com" write by anonymous auth by * none
Thanks and bye.
Have you resolved this?
Hi,
No I Don't.
Isaac Gonzalez wrote:
Hi,
I've this estructure
dc=empresa,dc=com | Dep1 | |---------User1 |---------User11 Dep2 | |---------User2 |---------User22 Dep3 | |---------User3 |---------User33
I want that User1 and User11 (users under Dep1) can only access to Dep1, User1 and User11 data. --> Dep1 Subtree I want that User2 and User22 (users under Dep2) can only access to Dep2, User2 and User22 data. --> Dep2 Subtree I want that User3 and User33 (users under Dep3) can only access to Dep3, User3 and User33 data. --> Dep3 Subtree
It's correct this ACL? Can't be more simple?
#DEP1 ONLY ACCESS TO DEP1 access to dn.subtree="ou=Dep1,dc=empresa,dc=com" by dn.children="ou=Dep1,dc=empresa,dc=com" read by anonymous auth by * none
#DEP2 ONLY ACCESS TO DEP2 access to dn.subtree="ou=Dep2,dc=empresa,dc=com" by dn.children="ou=Dep2,dc=empresa,dc=com" read by anonymous auth by * none
#DEP3 ONLY ACCESS TO DEP3 access to dn.subtree="ou=Dep3,dc=empresa,dc=com" by dn.children="ou=Dep3,dc=empresa,dc=com" read by anonymous auth by * none
#ADMIN access to * by dn="cn=admin,dc=empresa,dc=com" write by anonymous auth by * none
Thanks and bye.
Have you resolved this?
-- Kind Regards,
Gavin Henry. Managing Director.
T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 824887 E ghenry@suretecsystems.com
Open Source. Open Solutions(tm).
igonzalez@es.clara.net wrote:
Hi,
No I Don't.
You could do it by groups.
Isaac Gonzalez wrote:
Hi,
I've this estructure
dc=empresa,dc=com | Dep1 | |---------User1 |---------User11 Dep2 | |---------User2 |---------User22 Dep3 | |---------User3 |---------User33
I want that User1 and User11 (users under Dep1) can only access to Dep1, User1 and User11 data. --> Dep1 Subtree I want that User2 and User22 (users under Dep2) can only access to Dep2, User2 and User22 data. --> Dep2 Subtree I want that User3 and User33 (users under Dep3) can only access to Dep3, User3 and User33 data. --> Dep3 Subtree
It's correct this ACL? Can't be more simple?
#DEP1 ONLY ACCESS TO DEP1 access to dn.subtree="ou=Dep1,dc=empresa,dc=com" by dn.children="ou=Dep1,dc=empresa,dc=com" read by anonymous auth by * none
#DEP2 ONLY ACCESS TO DEP2 access to dn.subtree="ou=Dep2,dc=empresa,dc=com" by dn.children="ou=Dep2,dc=empresa,dc=com" read by anonymous auth by * none
#DEP3 ONLY ACCESS TO DEP3 access to dn.subtree="ou=Dep3,dc=empresa,dc=com" by dn.children="ou=Dep3,dc=empresa,dc=com" read by anonymous auth by * none
#ADMIN access to * by dn="cn=admin,dc=empresa,dc=com" write by anonymous auth by * none
Thanks and bye.
Have you resolved this?
-- Kind Regards,
Gavin Henry. Managing Director.
T +44 (0) 1224 279484 M +44 (0) 7930 323266 F +44 (0) 1224 824887 E ghenry@suretecsystems.com
Open Source. Open Solutions(tm).
openldap-software@openldap.org
-
Gavin Henry -
igonzalez@es.clara.net -
Isaac Gonzalez