directory-users mailing list archives

From Steven Altsman <steven.alts...@gmail.com>
Subject Re: [ApacheDS] ACLS - Set a user in a partition to be an admin
Date Thu, 12 May 2011 13:51:21 GMT
Ah HA! Adding the subentry opened up a tonne of possibilities!  Thank
you very much for your assistance.

Ibis redibis nunquam per bella peribis



On Thu, May 12, 2011 at 7:33 AM, Mike Adamson <mikeatdot@gmail.com> wrote:
> Hi,
>
> You need to give the o=US,DC=mydomain,DC=org node an administrativeRole
> attribute with a value of accessControlSpecificArea and then create a sub
> entry for it like:
>
> dn: cn=adminSubentry,o=US,dc=mydomain,dc=org
> changetype: add
> objectclass: top
> objectclass: subentry
> objectclass: accessControlSubentry
> cn: adminSubentry
> subtreeSpecification: {}
> prescriptiveACI: {
>    identificationTag "administratorFullAccessACI",
>    precedence 100,
>    authenticationLevel simple,
>    itemOrUserFirst userFirst: {
>        userClasses {
>            name { "uid=adminguy,ou=people(,o=US...,DC=org)." }
>        },
>        userPermissions {
>            {
>               protectedItems {
>                   entry, allUserAttributeTypesAndValues
>               },
>               grantsAndDenials {
>                   grantAdd, grantDiscloseOnError, grantRead,
>                   grantRemove, grantBrowse, grantExport, grantImport,
>                   grantModify, grantRename, grantReturnDN,
>                   grantCompare, grantFilterMatch, grantInvoke
>               }
>           }
>       }
>   }
>   }
>
> I haven't had much joy applying these things with directory studio, it's
> easier to put it all in an ldif file and import it.
>
> Cheers,
>
> MikeA
>
> On 11 May 2011 18:33, Steven Altsman <steven.altsman@gmail.com> wrote:
>
>> Hi All,
>>
>> Pretty straightforward question, methinks: I have
>> o=US,DC=mydomain,DC=org and in there I have
>> uid=adminguy,ou=people(,o=US...,DC=org).  I want him to admin over
>> o=US,DC=mydomain,DC=org.  I've got ApacheDS and Eclipse with Directory
>> Studio extensions.
>>
>> Ibis redibis nunquam per bella peribis
>>
>

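A pre-import check for the two steps Mike describes, as an added example that is not part of the original thread: it unfolds the LDIF, then confirms that the subentry's parent is given `administrativeRole: accessControlSpecificArea` in the same file and that the `prescriptiveACI` braces balance. The sample LDIF is constructed, `USER_DN` is a placeholder for the DN the thread elides, and the function names are hypothetical.

```python
import re

# Constructed sample LDIF. USER_DN is a placeholder: the thread elides the real DN.
SAMPLE = """\
dn: o=US,dc=mydomain,dc=org
changetype: modify
add: administrativeRole
administrativeRole: accessControlSpecificArea
-

dn: cn=adminSubentry,o=US,dc=mydomain,dc=org
changetype: add
objectclass: top
objectclass: subentry
objectclass: accessControlSubentry
cn: adminSubentry
subtreeSpecification: {}
prescriptiveACI: { identificationTag "administratorFullAccessACI",
 precedence 100, authenticationLevel simple, itemOrUserFirst userFirst: {
  userClasses { name { "USER_DN" } },
  userPermissions { { protectedItems { entry, allUserAttributeTypesAndValues },
   grantsAndDenials { grantAdd, grantDiscloseOnError, grantRead, grantRemove,
    grantBrowse, grantExport, grantImport, grantModify, grantRename,
    grantReturnDN, grantCompare, grantFilterMatch, grantInvoke } } } } }
"""

def records(ldif):
    """Unfold continuation lines (newline + one space) and split into records."""
    blocks = re.split(r"\n\s*\n", re.sub(r"\n ", "", ldif).strip())
    return [[(k.strip().lower(), v.strip())
             for k, v in (l.split(":", 1) for l in b.splitlines() if ":" in l)]
            for b in blocks]

def lint(ldif):
    """Return problems: subentry under an unmarked parent, or unbalanced ACI braces."""
    recs, problems = records(ldif), []
    low = lambda r: [(k, v.lower()) for k, v in r]  # case-insensitive values
    marked = {dict(r)["dn"].lower() for r in recs
              if ("administrativerole", "accesscontrolspecificarea") in low(r)}
    for r in recs:
        if ("objectclass", "accesscontrolsubentry") not in low(r):
            continue
        dn, aci = dict(r)["dn"], dict(r).get("prescriptiveaci", "")
        if dn.split(",", 1)[1].lower() not in marked:
            problems.append(f"{dn}: parent lacks accessControlSpecificArea role")
        if not aci or aci.count("{") != aci.count("}"):
            problems.append(f"{dn}: prescriptiveACI missing or unbalanced")
    return problems

if __name__ == "__main__":
    print(lint(SAMPLE) or "ok")
```

If the administrative role was already set on the server in an earlier import, the parent warning can be ignored; the check only sees what is in the file.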