So an ACL could be:

to dn.subtree="o=company1,dc=domain,dc=com" by group="c cn=admins_company1,o=company1,dc=domain,dc=com" write

I have 25 of these groups, so I need 25 ACLs like the one above: having one per line can lead to a performance issue?

thanks

Alberto Aldrigo

Il 28/12/16 19:22, Quanah Gibson-Mount ha scritto:

--On Friday, December 23, 2016 11:16 AM +0100 Alberto Aldrigo <alberto.aldrigo@h-farm.com> wrote:

uid=user1 and uid=user6 are company1's administrators, so they can write
in whole o=company1 subtree

Might be best to make an LDAP group with those users as members, and then write an ACL based off of that group for its specific privileges.

--Quanah

--

Quanah Gibson-Mount
Product Architect
Symas Corporation
Packaged, certified, and supported LDAP solutions powered by OpenLDAP:
<http://www.symas.com>

H-FARM Spa

Tenuta Ca' Tron

via Sile, 41 – Roncade

Treviso IT – 31056

T +39 0422 7896

S h-farm.com