Register a domain and help support LQ
Go Back > Forums > Linux Forums > Linux - Software
User Name
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.


  Search this Thread
Old 11-20-2008, 09:54 AM   #1
Registered: Sep 2005
Posts: 58

Rep: Reputation: 15
LDAP ACL assistance

Does anyone have any experience with configuring ACL access in LDAP?

Here is my situation. I have a couple of users that I want to have read/write access to the children of a container, but read only to the container. Here is the portion of my config that is appropriate:

# Allow CSR reps to create and delete Widget/Wonkle subitems
access to"ou=Widget,ou=Users,ou=ISG,dc=domain,dc=com" attrs=children
by dn.children="ou=CSR,ou=Admins,dc=domain,dc=com" write
by * break
access to"ou=Wonkle,ou=Users,ou=ISG,dc=domain,dc=com" attrs=children
by dn.children="ou=CSR,ou=Admins,dc=domain,dc=com" write
by * break

# Allow CSR Reps to read Users Tree
access to dn.base="ou=Users,ou=ISG,dc=domain,dc=com"
by dn.children="ou=CSR,ou=Admins,dc=domain,dc=com" read
by * break

# Allow CSR Reps to modify the children of Widget/Wonkle users
access to dn.children="ou=Widget,ou=Users,ou=ISG,dc=domain,dc=com"
by dn.children="ou=CSR,ou=Admins,dc=domain,dc=com" write
by * break
access to dn.children="ou=Wonkle,ou=Users,ou=ISG,dc=domain,dc=com"
by dn.children="ou=CSR,ou=Admins,dc=domain,dc=com" write
by * break

The first item is where I run into problems. If I comment it out, I can have the members of CSR read the children of ou=Users just fine. But they are not able to create a new child in ou=Users. If I include it, the CSR members can delete the container.

My goal is to have them be able to add children to the Widget and Wonkle branches WITHOUT the ability to delete the entire container. This already happened and had some fun restoring the database.



Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
SMBLDAP-TOOLS SAMBA LDAP . Problem when filling ldap. jcdole Linux - Server 0 06-07-2008 12:41 PM
iptables acl versus cisco acl id_viorel Linux - Security 1 04-09-2008 06:00 AM
authenticating through one ldap server that uses other ldap servers & active director dreamm Linux - Server 1 02-21-2007 09:22 AM
LXer: LDAP Series Part IV - Installing OpenLDAP on Debian Plus Some LDAP Commentary LXer Syndicated Linux News 0 10-31-2006 07:54 PM
ldap-abook unable to get street name in ldap-entry Jingle Linux - Software 1 06-06-2004 08:13 PM

All times are GMT -5. The time now is 09:47 PM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration