LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 11-20-2008, 08:54 AM   #1
don_wombat_73
Member
 
Registered: Sep 2005
Posts: 58

Rep: Reputation: 15
LDAP ACL assistance


Does anyone have any experience with configuring ACL access in LDAP?

Here is my situation. I have a couple of users that I want to have read/write access to the children of a container, but read only to the container. Here is the portion of my config that is appropriate:

# Allow CSR reps to create and delete Widget/Wonkle subitems
access to dn.one="ou=Widget,ou=Users,ou=ISG,dc=domain,dc=com" attrs=children
by dn.children="ou=CSR,ou=Admins,dc=domain,dc=com" write
by * break
access to dn.one="ou=Wonkle,ou=Users,ou=ISG,dc=domain,dc=com" attrs=children
by dn.children="ou=CSR,ou=Admins,dc=domain,dc=com" write
by * break

# Allow CSR Reps to read Users Tree
access to dn.base="ou=Users,ou=ISG,dc=domain,dc=com"
by dn.children="ou=CSR,ou=Admins,dc=domain,dc=com" read
by * break

# Allow CSR Reps to modify the children of Widget/Wonkle users
access to dn.children="ou=Widget,ou=Users,ou=ISG,dc=domain,dc=com"
by dn.children="ou=CSR,ou=Admins,dc=domain,dc=com" write
by * break
access to dn.children="ou=Wonkle,ou=Users,ou=ISG,dc=domain,dc=com"
by dn.children="ou=CSR,ou=Admins,dc=domain,dc=com" write
by * break

The first item is where I run into problems. If I comment it out, I can have the members of CSR read the children of ou=Users just fine. But they are not able to create a new child in ou=Users. If I include it, the CSR members can delete the container.

My goal is to have them be able to add children to the Widget and Wonkle branches WITHOUT the ability to delete the entire container. This already happened and had some fun restoring the database.

TIA
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
SMBLDAP-TOOLS SAMBA LDAP . Problem when filling ldap. jcdole Linux - Server 0 06-07-2008 11:41 AM
iptables acl versus cisco acl id_viorel Linux - Security 1 04-09-2008 05:00 AM
authenticating through one ldap server that uses other ldap servers & active director dreamm Linux - Server 1 02-21-2007 08:22 AM
LXer: LDAP Series Part IV - Installing OpenLDAP on Debian Plus Some LDAP Commentary LXer Syndicated Linux News 0 10-31-2006 06:54 PM
ldap-abook unable to get street name in ldap-entry Jingle Linux - Software 1 06-06-2004 07:13 PM


All times are GMT -5. The time now is 09:30 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration