Hi!

We are moving our Directory server from CentOS 5 Directory Server to CentOS 6 with 389 Directory Server.

Our DIT looks like this:
dc=example,dc=com
|- dc=guests,dc=example,dc=com

We would like the users in dc=example,dc=com to have full write permissions for their own entries. Users in dc=guests,dc=example,dc=com must not have that permission.

For that reason we had the following ACI applied to the dc=example,dc=com node:
(targetattr = "*")
(target = "ldap:///*@example.com,dc=example, dc=com")
(version 3.0;
acl "Write to example.com - self";
allow (read,compare,search,write)
(userdn = "ldap:///self";)
;)

This ACI works on the ol' CentOS 5 and the installed CentOS Directory server.
However, the very same ACI cannot be applied in 389DS on CentOS 6.
LDAPException: Invalid syntax (21)

How should the ACI be written to work on CentOS 6 389DS?

Kind regards,
Mitja

--
Mitja Mihelič
ARNES, Tehnološki park 18, p.p. 7, SI-1001 Ljubljana, Slovenia
tel: +386 1 479 8877, fax: +386 1 479 88 78

--
389 users mailing list
389-us...@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
