{0}to attrs=userPassword
    by self write
    by anonymous auth
    by dn.children="ou=admins,dc=example,dc=com" write
    by group.exact="cn=cust_support,ou=group,dc=example,dc=com" write
    by * none
{1}to dn.subtree="ou=subdomain,ou=People,dc=example,dc=com"
    by self write
    by dn.children="ou=admins,dc=example,dc=com" write
    by group.exact="cn=cust_support,ou=group,dc=example,dc=com" write
    by * read
{2}to *
    by self write
    by dn.children="ou=admins,dc=example,dc=com" write
    by * read
I have tried making cn=cust_support,ou=group,dc=example,dc=com both a posixGroup and a groupOfNames. With both of them, when I go to save a new user, I get "insufficient access".
If anyone could guide me in the correct direction, it would be greatly appreciated.
Hi Brian,
Your best bet is to set up something in your dev environment, if you haven't already, then, for ease, switch to a simple slapd.conf, testing your ACLs with slapacl and/or ldapsearch. Once happy, convert the slapd.conf to a slapd.d setup and reference the right LDIF output to import/update on your test environment. Then, once double happy, make live.
Best way to learn, sorry :-)
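The slapacl testing suggested in the reply, as an added example that is not part of the original thread: it checks the two rights slapd requires for an add, write on the new entry's "entry" pseudo-attribute and on the parent's "children" pseudo-attribute. The slapd.conf path, the script name and the DNs shown in the comments are assumptions for a test setup.

```shell
#!/bin/sh
# Added example: ask slapacl whether a bind DN may add a given entry.
SLAPACL="${SLAPACL:-slapacl}"   # slapacl binary to use
CONF="${CONF:-./slapd.conf}"    # assumed path of the test slapd.conf

# check_access <bind DN> <target DN> <attr/level> [extra slapacl flags]
# Prints ALLOWED or DENIED. slapacl reports the verdict as
# "<level> access to <attr>: ALLOWED|DENIED", so stderr is captured too.
check_access() {
    bind=$1 target=$2 what=$3
    shift 3
    if "$SLAPACL" -f "$CONF" "$@" -D "$bind" -b "$target" "$what" 2>&1 \
        | grep -q 'ALLOWED'; then
        echo ALLOWED
    else
        echo DENIED
    fi
}

# parent_dn <DN>: strip the leftmost RDN (assumes it has no escaped comma).
parent_dn() { echo "${1#*,}"; }

# can_add <bind DN> <new entry DN>
# -u stops slapacl from fetching the target, which does not exist yet.
can_add() {
    e=$(check_access "$1" "$2" entry/write -u)
    c=$(check_access "$1" "$(parent_dn "$2")" children/write)
    echo "entry=$e children=$c"
    [ "$e" = ALLOWED ] && [ "$c" = ALLOWED ]
}

# Constructed usage, with a hypothetical member of cn=cust_support:
#   CONF=./slapd.conf sh check_add.sh \
#     "uid=jdoe,ou=People,dc=example,dc=com" \
#     "uid=newuser,ou=subdomain,ou=People,dc=example,dc=com"
if [ "$#" -eq 2 ]; then
    can_add "$1" "$2"
fi
```

slapacl reads the database behind the config directly, so run it on the test host as a user that can read those files.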