Hello,
I m trying to configure the ldap . I have created two groups (contact and administradores) within another one (people).
I would like administradores group to have all the permissions over contacts group. I have modified the slapd.conf in this way, but it doesn't work:
access to dn=".*,ou=contacts,ou=people,dc=mcm,dc=com" by dn=".*,ou=administradores,ou=people,dc=mcm,dc=com" write by * read
could anybody help me?
thank you in advance, Miguel
Miguel wrote:
I m trying to configure the ldap . I have created two groups (contact and administradores) within another one (people).
I would like administradores group to have all the permissions over contacts group. I have modified the slapd.conf in this way, but it doesn't work:
access to dn=".*,ou=contacts,ou=people,dc=mcm,dc=com" by dn=".*,ou=administradores,ou=people,dc=mcm,dc=com" write by * read
You should consult the fine FAQ - in particular:
"How do I use groups to manage access control?"
http://www.openldap.org/faq/data/cache/52.html
Ciao, Michael.
That is a usefull link. Thank you! I finally manage this way:
access to dn.Subtree="ou=contacts,ou=people,dc=mcm,dc=com" by dn.Subtree="ou=administradores,ou=people,dc=mcm,dc=com" write by * read
What I wanted is to create a group of administrator to control everything and a group of normal users with only access control in their groups contacts.
I will also apply the group configuration you send me, thanks!
On Thu, 2009-01-29 at 17:25 +0100, Michael Ströder wrote:
Miguel wrote:
I m trying to configure the ldap . I have created two groups (contact and administradores) within another one (people).
I would like administradores group to have all the permissions over contacts group. I have modified the slapd.conf in this way, but it doesn't work:
access to dn=".*,ou=contacts,ou=people,dc=mcm,dc=com" by dn=".*,ou=administradores,ou=people,dc=mcm,dc=com" write by * read
You should consult the fine FAQ - in particular:
"How do I use groups to manage access control?"
http://www.openldap.org/faq/data/cache/52.html
Ciao, Michael.
openldap-software@openldap.org
-
Michael Ströder -
Miguel