Hi, I have the following structure in the LDAP directory:

                        dc=com
                          |
                      dc=example
                          |
    --------------------------------------------------------
     /                    \                        \
 ou=users            ou=addressbook             cn=admin
   /        \
 uid(1)    uid(2)...
   /            \
 ou=addressbook  ou=addressbook

The goal is the following:
- all users can write to (ou=addressbook,dc=example,dc=com),
- each user has their own private address book that only they have access to (ou=addressbook,uid=(.*),ou=users,dc=example,dc=com).

Everything works without problems, except for access to the private address book (#PRIVATE ADDRESSBOOK), which I can see only if I log in as cn=admin,dc=example,dc=com.

######## slapd.conf ##########
...
#PASSWORDS
access to attrs=userPassword
        by dn="cn=admin,dc=example,dc=com" write
        by self write
        by anonymous auth
        by * none

#PRIVATE ADDRESSBOOK
#access to dn.regex="^ou=addressbook,uid=([^,]+),ou=users,dc=example,dc=com$"
access to dn.subtree="ou=addressbook,uid=(.*),ou=users,dc=example,dc=com"
        by dn="uid=$1,ou=users,dc=example,dc=com" write
        by * read

access to dn.subtree="ou=addressbook,uid=(.*),ou=users,dc=example,dc=com"
        by dn="uid=$1,ou=users,dc=example,dc=com" write
        by * none

#ADDRESSBOOK
access to dn.subtree="ou=addressbook,dc=example,dc=com"
        by users write
        by anonymous none

access to *
        by dn="cn=admin,dc=example,dc=com" write
        by * none

defaultaccess none
...
###########################

Regards,
tomaz
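
Added example, not part of the original post: a simplified Python model of how slapd.access(5) selects a rule, run against the DNs from the message. In slapd, dn.subtree takes a literal DN, so "uid=(.*)" is not treated as a pattern and a request for a private address book entry falls through to "access to *", where only cn=admin is granted access. The REGEX rule with its $2 owner clause is a constructed variant, and the model assumes the "by" clause expands $N (written dn.regex or dn.exact,expand in slapd).

```python
import re

# Simplified model of slapd.access(5) rule selection (an assumption-laden
# teaching model, not slapd's code): the first <what> that matches the entry
# decides, and the first matching "by" clause inside it gives the level.

def norm(dn):
    return ",".join(part.strip().lower() for part in dn.split(","))

def match_what(style, pattern, entry_dn):
    """Return the captured groups on a match, or None."""
    entry = norm(entry_dn)
    if style == "any":                       # access to *
        return ()
    if style == "subtree":                   # pattern is a literal DN, not a regex
        base = norm(pattern)
        return () if entry == base or entry.endswith("," + base) else None
    if style == "regex":
        m = re.search(pattern, entry, re.IGNORECASE)
        return m.groups("") if m else None
    raise ValueError(style)

def access(acl, entry_dn, bound_dn):
    for style, pattern, by_clauses in acl:
        groups = match_what(style, pattern, entry_dn)
        if groups is None:
            continue
        for who, level in by_clauses:
            # Assumption: the who clause expands $N (dn.regex or dn.exact,expand).
            for i, g in enumerate(groups, 1):
                who = who.replace(f"${i}", g)
            if who == "*" or norm(who) == norm(bound_dn):
                return level
        return "none"                        # implicit "by * none" ends a rule
    return "none"

ADMIN = "cn=admin,dc=example,dc=com"
FALLBACK = ("any", "*", [(ADMIN, "write"), ("*", "none")])
# Rule as posted: regex syntax inside dn.subtree.
POSTED = [("subtree", "ou=addressbook,uid=(.*),ou=users,dc=example,dc=com",
           [("uid=$1,ou=users,dc=example,dc=com", "write"), ("*", "read")]),
          FALLBACK]
# Constructed variant: dn.regex covering the address book and its descendants.
REGEX = [("regex",
          r"^(.+,)?ou=addressbook,uid=([^,]+),ou=users,dc=example,dc=com$",
          [("uid=$2,ou=users,dc=example,dc=com", "write"), ("*", "none")]),
         FALLBACK]
```

Calling access(POSTED, entry, owner) for an entry under a user's private address book returns "none", while the same call with cn=admin returns "write", which is the behaviour described in the message.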