Here's what I'm starting with: (targetattr = "userPassword" ) (target = "ldap:///dc=example,dc=com";) (version 3.0; acl "Support can change passwords"; allow (all) (groupdn = "ldap:///cn=support,ou=groups,dc=example,dc=com";);)
I just can't figure out how to write the exception. --BO On 3/30/07, Bjorn Oglefjorn <[EMAIL PROTECTED]> wrote:
Or maybe it's not so complicated and I don't know how. ;) This is what I'm trying to accomplish: Users who are a member of the group 'cn=support' can perform ALL operations on 'userPassword', except on targets which are a member of group 'cn=admins' or 'cn=bosses'. Is this possible? I can't figure out how. Thanks in advance! --BO
-- Fedora-directory-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/fedora-directory-users
