u=users,ou=contacts,dc=rsp,dc=com,dc=au"
    by group="cn=tech,ou=authgroups,dc=rsp,dc=com,dc=au" write
    by group="cn=studio,ou=authgroups,dc=rsp,dc=com,dc=au" write
    by * read
access to *
    by * read
Any help in "simplifying" this is greatly appreciated as this is only
the beginning of stuff I'm being asked to implement :-)
TIA
Shane.
ich groups have
access etc but then if I add extra groups to the ACL I'll need to
change code ... simply trying to modify every attribute then catching
/ reporting failures or using this to work out what they can edit just
feels dirty and surely isn't very efficient - is there an alternative?
TIA
Shane.
t,o=Real Softservice"
    by dn.exact="cn=admin,ou=Support,o=Real Softservice" write
    by * read
So when you log in as cn=admin,ou=Support,o=Real Softservice you will
have access to create / edit the full tree under ou=Support,o=Real
Softservice.
Shane.
On 09/05/07, Zhang Weiwu <[EMA
t to this rule - the
preceding rule says give read to * so the ACL will always stop there
if it hasn't been already caught by one of the others. Simply move
that last access rule above the access to * one and you should get
things moving in the right direction.
Shane.
ombine the rewrite rule with an overlay like:
map objectClass groupOfNames posixGroup
map attribute member memberuid
I'm still struggling to get the rewrite rule to do anything at all for
me (again) but does anyone have some idea if this could actually work?
TIA
Shane.
On 09/05/07, Shan
e to start / examples? (pls
don't just recommend the man pages as I'll read them regardless)
Short of overlays possibly working, looks like we're stuck waiting for
all clients to move to the correct LDAP standard of using groupOfNames
and until then have to deal with duplication.
Shane.
ingly I deleted the rules from the slapd file
and now can't find the test copy that had them around ... so starting
afresh basically and hoping someone else has done this or similar so I
don't need to re-invent the wheel.
TIA
Shane.