"uid=serveruser1,ou=ServerUsers,dc=domain,dc=com"
==> has access to
"cn=Project1,ou=Projects,dc=domain,dc=com"
AND
"cn=Project2,ou=Projects,dc=domain,dc=com"
==> deny access to other entries in "ou=Projects,dc=domain,dc=com"
you could use targetfilter like:
(targetfilter = "(|(cn=Project1)(cn=Pr
On 01/02/2013 11:41 AM, Matti Alho wrote:
What is the correct way to use allow/deny because if I use default
deny on ou=Projects..., it overrides allows.
deny always has precedence, it cannot be overridden by an allow rule. So
you should model your acis with allow rules (defining exceptions fro
What is the correct way to use allow/deny because if I use default
deny on ou=Projects..., it overrides allows.
deny always has precedence, it cannot be overridden by an allow rule. So
you should model your acis with allow rules (defining exceptions from
the default deny).
So basically default
Hi
On 01/02/2013 08:18 AM, Matti Alho wrote:
Hi,
I have read various documents (including Redhat ones) about ACI
implementation. But still the following basic scenario confuses me.
* anonymous bind disabled
* each client server is authenticated with a unique username (e.g.
"ou=ServerUsers,dc
Hi,
I have read various documents (including Redhat ones) about ACI
implementation. But still the following basic scenario confuses me.
* anonymous bind disabled
* each client server is authenticated with a unique username (e.g.
"ou=ServerUsers,dc=domain,dc=com")
* "ou=Projects,dc=domain,dc