16 Oct
2017
16 Oct
'17
8:05 a.m.
Hi Quanah,
On Mon, Oct 16, 2017 at 07:58:45AM -0700, Quanah Gibson-Mount wrote:
--On Monday, October 16, 2017 5:55 PM +0200 Ervin Hegedüs airween@gmail.com wrote:
without any real testing, I'm afraid that the rule{0} gives the write access to cn=groupabcadmin to _all_ db, not just the ou=ABC Cumstomer subtree.
Em I right?
Hm, yes, that's correct. You'll need to do something like utilize by * break appropriately, or have multiple "access to userPassword" ACLs by group, then a catchall after that.
I'm sorry - could you give me an example?
I just started to use the LDAP acl since few days... :)
I don't belive that this need is generated first time, but I don't found any example, or case-study.
Thanks again,
a.