Hi!
I have the following LDAP rules; Open-Xchange itself works without a
problem.

access to dn.base="" by * read

access to dn.base="cn=Subschema"
    by dn="cn=admin,dc=hitt,dc=at" write
    by * read

# protect the userPassword attribute
access to attr=userPassword
    by dn="cn=admin,dc=hitt,dc=at" write
    by self write
    by anonymous auth

# global address book
access to dn.subtree="o=AddressBook,ou=OxObjects,dc=hitt,dc=at"
    by dn="cn=admin,dc=hitt,dc=at" write
    by group.exact="cn=AddressAdmins,o=AddressBook,ou=OxObjects,dc=hitt,dc=at" write
    by users read

# personal address book (2.2)
access to dn.regex="^ou=addr,(uid=([^,]+),ou=Users,ou=OxObjects,dc=hitt,dc=at)$"
        attrs=children
    by dn="cn=admin,dc=hitt,dc=at" write
    by dn.exact,expand="$1" write

access to dn.regex="^uid=([^,]+),ou=addr,(uid=([^,]+),ou=Users,ou=OxObjects,dc=hitt,dc=at)$"
        attrs=entry
    by dn="cn=admin,dc=hitt,dc=at" write
    by dn.exact,expand="$2" write

# default rule allowing users full access to their own entries
access to *
    by dn="cn=admin,dc=hitt,dc=at" write
    by self write
    by users read

But I'm not able to browse through the tree as admin with an LDAP GUI
client (luma). That works only if I add the following before the other
lines, but this breaks the security of the above rules.

access to *
    by dn="cn=admin,dc=ox,dc=hitt,dc=at" write
    by * read

So, any idea what is not correct in the above lines? Thx
--
Robert Penz
HITT - health information technologies tirol gmbh
Tel: +43-512-576523 - 232
Fax: +43-512-576523 - 70
email: [EMAIL PROTECTED]
Send documents please in OpenDocument-Format (ODF) alias ISO/IEC 26300
"Windows Vista" is the abbreviation for "Windows with Viruses,
Instability,
Spyware, Trojans and Adware"
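
Added example (not part of the original post, and not OpenLDAP code): a small Python model of slapd's first-match ACL evaluation over a subset of the rules above, showing how a catch-all placed first replaces the access that the userPassword rule would otherwise grant. The function names and the rule encoding are assumptions made for this illustration; only the selector kinds used in the post are modelled.

```python
import re

# Simplified model (assumption): only the <what>/<who> forms used in the post.
ADMIN = "cn=admin,dc=hitt,dc=at"
USERS = "ou=Users,ou=OxObjects,dc=hitt,dc=at"

# The post's rules in order, as (dn regex or None, attr or None, by-list).
# Root DSE, subschema and global address book rules are left out for brevity.
POST_RULES = [
    (None, "userPassword",
     [("dn", ADMIN, "write"), ("self", None, "write"), ("anonymous", None, "auth")]),
    (rf"^ou=addr,(uid=([^,]+),{USERS})$", "children",
     [("dn", ADMIN, "write"), ("dn", "$1", "write")]),
    (rf"^uid=([^,]+),ou=addr,(uid=([^,]+),{USERS})$", "entry",
     [("dn", ADMIN, "write"), ("dn", "$2", "write")]),
    (None, None,
     [("dn", ADMIN, "write"), ("self", None, "write"), ("users", None, "read")]),
]
# The catch-all the post places in front of everything else.
CATCH_ALL = (None, None,
             [("dn", "cn=admin,dc=ox,dc=hitt,dc=at", "write"), ("*", None, "read")])

def who_matches(kind, value, bind_dn, target_dn, groups):
    if kind == "*":
        return True
    if kind == "anonymous":
        return bind_dn is None
    if bind_dn is None:
        return False
    if kind == "users":
        return True
    if kind == "self":
        return bind_dn.lower() == target_dn.lower()
    # kind == "dn": expand $1/$2 from the <what> regex, then compare exactly
    expanded = re.sub(r"\$(\d)", lambda m: groups[int(m.group(1)) - 1], value)
    return bind_dn.lower() == expanded.lower()

def effective_access(rules, bind_dn, target_dn, attr):
    """Only the first matching <what> is consulted; its first matching <who> wins."""
    for dn_re, what_attr, by_list in rules:
        m = re.match(dn_re, target_dn, re.I) if dn_re else True
        if not m or (what_attr and what_attr.lower() != attr.lower()):
            continue
        groups = m.groups() if dn_re else ()
        for kind, value, level in by_list:
            if who_matches(kind, value, bind_dn, target_dn, groups):
                return level
        return "none"  # implicit trailing "by * none"
    return "none"      # no rule matched: implicit "access to * by * none"
```

Calling effective_access(POST_RULES, None, dn, "userPassword") and then the same with [CATCH_ALL] + POST_RULES shows the difference for an anonymous bind; on a real server, slapacl performs this evaluation against the live configuration.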