On Wed, Dec 19, 2012 at 04:39:50PM +0530, anil beniwal wrote:
> First one is working fine, the 2nd one is not allowing write access to the Vpwrite user.

The second ACI is for Vwrite and Vread, not Vpwrite...

> The scenario is that we want to delegate read access to all the attributes to one user and write access to all the attributes to another user.
>
> This is for login.
> access to attrs=userPassword
>     by self write
>     by dn="cn=Vpwrite,ou=businessUsersGroup,dc=example,dc=com" write
>     by dn="cn=Vpread,ou=businessUsersGroup,dc=example,dc=com" read
>     by anonymous auth
>     by * break

You may not want that 'by * break' clause. It will allow both Vread and Vwrite to access the password attribute.

> Read/Write access
> access to *
>     by dn="cn=Vwrite,ou=businessUsersGroup,dc=example,dc=com" write
>     by dn="cn=Vread,ou=businessUsersGroup,dc=example,dc=com" read
>     by * none

Did you really intend to have four users here, or just two?
Andrew
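
The fall-through behaviour discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of how slapd takes the first matching `access to` directive and the first matching `by` clause, loaded with the two directives as posted. The entry DN `uid=alice,dc=example,dc=com` is a constructed sample, and the model assumes that a `by` clause with no level leaves the privileges unchanged.

```python
# Simplified model of slapd ACL evaluation; not OpenLDAP code.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write", "manage"]
BASE = "ou=businessUsersGroup,dc=example,dc=com"
ENTRY = "uid=alice,dc=example,dc=com"  # constructed sample target entry

def dn(cn):
    return f"cn={cn},{BASE}"

# (attribute or "*", [(who, level or None, control)]) in the order posted.
ACLS = [
    ("userPassword", [
        ("self", "write", "stop"),
        (dn("Vpwrite"), "write", "stop"),
        (dn("Vpread"), "read", "stop"),
        ("anonymous", "auth", "stop"),
        ("*", None, "break"),  # assumption: no level means privileges unchanged
    ]),
    ("*", [
        (dn("Vwrite"), "write", "stop"),
        (dn("Vread"), "read", "stop"),
        ("*", "none", "stop"),
    ]),
]

def who_matches(who, bind_dn, entry_dn):
    if who == "*":
        return True
    if who == "self":
        return bind_dn != "" and bind_dn.lower() == entry_dn.lower()
    if who == "anonymous":
        return bind_dn == ""
    return who.lower() == bind_dn.lower()

def effective_level(bind_dn, entry_dn, attr, acls=ACLS):
    level = "none"
    for what, clauses in acls:
        if what != "*" and what.lower() != attr.lower():
            continue  # directive does not cover this attribute
        for who, granted, control in clauses:
            if not who_matches(who, bind_dn, entry_dn):
                continue
            if granted is not None:
                level = granted
            if control == "stop":
                return level
            break  # "break" control: move on to the next access directive
        else:
            return "none"  # no clause matched: implicit "by * none stop"
    return level

def allowed(bind_dn, entry_dn, attr, want, acls=ACLS):
    return LEVELS.index(effective_level(bind_dn, entry_dn, attr, acls)) >= LEVELS.index(want)
```

Running each of the four DNs through `effective_level` for `userPassword` and for an ordinary attribute such as `mail` shows which directive ends up deciding each request.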