Isaac Gonzalez wrote:
Hi,
> I've this structure
>
> dc=empresa,dc=com
> |
> Dep1
> |
> |---------User1
> |---------User11
> Dep2
> |
> |---------User2
> |---------User22
> Dep3
> |
> |---------User3
> |---------User33
>
>
> I want that User1 and User11 (users under Dep1) can only access Dep1,
> User1 and User11 data. --> Dep1 Subtree
> I want that User2 and User22 (users under Dep2) can only access Dep2,
> User2 and User22 data. --> Dep2 Subtree
> I want that User3 and User33 (users under Dep3) can only access Dep3,
> User3 and User33 data. --> Dep3 Subtree
>
> Is this ACL correct? Can't it be simpler?
>
> #DEP1 ONLY ACCESS TO DEP1
> access to dn.subtree="ou=Dep1,dc=empresa,dc=com"
>         by dn.children="ou=Dep1,dc=empresa,dc=com" read
>         by anonymous auth
>         by * none
>
> #DEP2 ONLY ACCESS TO DEP2
> access to dn.subtree="ou=Dep2,dc=empresa,dc=com"
>         by dn.children="ou=Dep2,dc=empresa,dc=com" read
>         by anonymous auth
>         by * none
>
> #DEP3 ONLY ACCESS TO DEP3
> access to dn.subtree="ou=Dep3,dc=empresa,dc=com"
>         by dn.children="ou=Dep3,dc=empresa,dc=com" read
>         by anonymous auth
>         by * none
>
> #ADMIN
> access to *
>         by dn="cn=admin,dc=empresa,dc=com" write
>         by anonymous auth
>         by * none
>
>
> Thanks and bye.
>
>
>
Have you resolved this?
--
Kind Regards,
Gavin Henry.
Managing Director.
T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E ghenry(a)suretecsystems.com
Open Source. Open Solutions(tm).
http://www.suretecsystems.com/
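
How slapd's first-match evaluation applies to the ACL quoted above, as an added example that is not part of the original thread. The user DNs (`cn=User1,ou=Dep1,...`) are assumed naming, and the matcher is a simplified model covering only the clause forms that ACL uses.

```python
# Added example: simplified model of slapd ACL evaluation (first matching
# "access to" wins, then first matching "by" wins). Not OpenLDAP code.
BASE = "dc=empresa,dc=com"

def rules():
    """The quoted ACL, in the same order, as (what, [(who, level), ...])."""
    acl = []
    for dep in ("Dep1", "Dep2", "Dep3"):
        ou = f"ou={dep},{BASE}"
        acl.append((("subtree", ou), [(("children", ou), "read"),
                                      (("anonymous", None), "auth"),
                                      (("*", None), "none")]))
    acl.append((("*", None), [(("exact", f"cn=admin,{BASE}"), "write"),
                              (("anonymous", None), "auth"),
                              (("*", None), "none")]))
    return acl

def dn_matches(style, pattern, dn):
    """Naive DN matching: lower-cased string compare, no real normalization."""
    dn, pattern = (dn or "").lower(), (pattern or "").lower()
    if style == "*":
        return True
    if style == "anonymous":
        return dn == ""                      # unauthenticated bind
    if style == "exact":
        return dn == pattern
    under = dn.endswith("," + pattern)       # strictly below the pattern DN
    if style == "children":
        return under
    if style == "subtree":
        return under or dn == pattern        # the entry itself is included
    raise ValueError(f"unsupported style: {style}")

def access(acl, target, who):
    """Return the access level `who` (None = anonymous) gets on `target`."""
    for (wstyle, wpat), by_clauses in acl:
        if not dn_matches(wstyle, wpat, target):
            continue
        for (bstyle, bpat), level in by_clauses:
            if dn_matches(bstyle, bpat, who):
                return level
        return "none"                        # implicit trailing "by * none"
    return "none"                            # implicit "access to * by * none"
```

In this model `cn=admin` gets `none` inside every Dep subtree because the earlier `access to` rules match first and end in `by * none`. A DN configured as the database `rootdn` is not subject to ACLs at all.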