directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Martin Marcher" <martin.marc...@gmail.com>
Subject ACI with self and posixAccount
Date Tue, 01 May 2007 18:23:04 GMT
Hello,

I'm playing around with the ACIs right now and followed the example in
the apache 1.0.1 docs (hope they still apply i'm on apacheds 1.5.0 now
since i need the dynamic schema after figuring out the ACI stuff)

I'd like the following:

cn=Manager,dc=example,dc=com can access everything in dc=example,dc=com (DONE)

all posixAccount or inetOrgPerson objects in
ou=people,dc=example,dc=com should be allowed to change the password
of the "self" entry (sorry lacking better terms don't know if that's
appropriate) but noone else (except for Manager of course)

This is where I'm not sure how to tell apacheds that this self entry
can access/change the password but noone else.

And a few other restrictions like not changing the address or similiar
stuff which i was able to figure out.


The second thing is that LDAPStudio won't show a posixAccount or
posixGroup objectClass, was it dropped in 1.5 or am I doing something
wrong? I'll be happy to provide details but I'm not too proficient
with ldap right now.

thanks
-- 
Martin Marcher
martin.marcher@gmail.com
http://www.mycorners.com
https://www.xing.com/profile/Martin_Marcher
http://www.linkedin.com/in/martinmarcher
http://www.studivz.net/profile.php?ids=9f83ea8c5996b8ec
http://www.amazon.de/gp/registry/wishlist/3KDAGCL2NKOIM/ref=reg_hu-wl_goto-registry/302-4432803-5146435?ie=UTF8&sort=date-added

Mime
View raw message