directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Martin Marcher" <>
Subject ACI with self and posixAccount
Date Tue, 01 May 2007 18:23:04 GMT

I'm playing around with the ACIs right now and followed the example in
the apache 1.0.1 docs (hope they still apply i'm on apacheds 1.5.0 now
since i need the dynamic schema after figuring out the ACI stuff)

I'd like the following:

cn=Manager,dc=example,dc=com can access everything in dc=example,dc=com (DONE)

all posixAccount or inetOrgPerson objects in
ou=people,dc=example,dc=com should be allowed to change the password
of the "self" entry (sorry lacking better terms don't know if that's
appropriate) but noone else (except for Manager of course)

This is where I'm not sure how to tell apacheds that this self entry
can access/change the password but noone else.

And a few other restrictions like not changing the address or similiar
stuff which i was able to figure out.

The second thing is that LDAPStudio won't show a posixAccount or
posixGroup objectClass, was it dropped in 1.5 or am I doing something
wrong? I'll be happy to provide details but I'm not too proficient
with ldap right now.

Martin Marcher

View raw message