----- "Stelios A." stelios.a@gmail.com wrote:
No, i have seperated Groups like:
dn: cn=IT,ou=Groups,dc=bca,dc=edu,dc=gr cn: IT objectClass: groupOfUniqueNames uniqueMember: cn=Some Name1,ou=Users,dc=mydomain,dc=edu,dc=com uniqueMember: cn=Some Name2,ou=Users,dc=mydomain,dc=edu,dc=com
and all users under ou=Users,dc=mydomain,dc=edu,dc=com
OK, just grant one group write and not the other. Remember, ACLs are accessed from top down. There are plenty of examples on the FAQ:
http://www.openldap.org/faq/data/cache/52.html
Again, also read the man page.
Thanks.