Each of the following ACLs (generated from examples) uses a specific dn
where each of the top level items (i.e. if
dn="cn=root,dc=example,dc=net" then root is top level) has only one
value or wildcard. I need to be able to give access to members of a
group which, obviously, has more than one value. Can anyone give me
tips on, or examples of, syntax that will handle this? Also, what does
the ".*" notation represent? Obviously it is some kind of wildcard.

What about something like this:

access to dn=".*,ou=People,dc=example,dc=net"
        by dn="cn=admin,ou=Group,dc=example,dc=net" write
        by * read

Note: The above did not work.

> #slapd.access.conf
> # This is a good place to put slapd access-control directives
> access to dn=".*,dc=example,dc=net" attr=userPassword
>         by dn="cn=root,dc=example,dc=net" write
>         by dn="uid=test,ou=People,dc=example,dc=net" write
>         by dn="cn=proxyuser,dc=example,dc=net" read
>         by self write
>         by * auth
>
> access to dn=".*,dc=example,dc=net" attr=mail
>         by dn="cn=root,dc=example,dc=net" write
>         by dn="uid=test,ou=People,dc=example,dc=net" write
>         by self write
>         by * read
>
> access to dn=".*,ou=People,dc=example,dc=net"
>         by dn="uid=test,ou=People,dc=example,dc=net" write
>         by * read
>
> access to dn=".*,dc=example,dc=net"
>         by self write
>         by * read
>
> # samba-include.access.conf
> # You should either include this file into your
> # /etc/openldap/slapd.conf, or add the contents (after editing), inside
> # the db definition your samba server will use.
>
> # Index the rid for samba:
> index rid eq
>
> # Basic samba acl:
> access to attrs=lmPassword,ntPassword
>         by dn="cn=root,dc=example,dc=net" write
>         by dn="uid=root,ou=People,dc=example,dc=net" write
>         by * none
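
The rule from the question next to a group-based form, as an added example that is not part of the original post and is not taken from the OpenLDAP project. It assumes that cn=admin,ou=Group,dc=example,dc=net is a groupOfNames entry whose member values are full DNs; the member value shown in the comments is constructed.

```conf
# Added example (not from the original post).
#
# Assumed group entry (constructed):
#   dn: cn=admin,ou=Group,dc=example,dc=net
#   objectClass: groupOfNames
#   member: uid=test,ou=People,dc=example,dc=net
#
# ".*" is a regular expression: "." is any character and "*" repeats it,
# so ".*,ou=People,dc=example,dc=net" covers the entries below ou=People.

# Before (the rule from the question). "by dn=" is compared with the DN the
# client bound as, so write access goes only to a client bound as the group
# entry itself, never to the group's members.
#access to dn=".*,ou=People,dc=example,dc=net"
#        by dn="cn=admin,ou=Group,dc=example,dc=net" write
#        by * read

# After. "by group=" looks the bound DN up in the group entry; with no
# objectclass/attribute given, slapd checks groupOfNames and "member".
# Keep this rule above the broader dn=".*,dc=example,dc=net" rule: slapd
# applies the first "access to" clause that matches the entry and then stops.
access to dn=".*,ou=People,dc=example,dc=net"
        by group="cn=admin,ou=Group,dc=example,dc=net" write
        by * read

# Assumption to verify on your directory: the group must list members as DNs.
# A posixGroup stores bare user names in memberUid, which cannot be compared
# with a bind DN, so such a group needs a groupOfNames counterpart.
```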