Dear all,
I've got a little ACL problem with openldap 2.2. My ldap tree is very simple, like this:

dc=example,dc=tld
  +ou=A,dc=example,dc=tld
    +cn=postmaster,ou=A,dc=example,dc=tld
    +cn=user1,ou=A,dc=example,dc=tld
    +cn=user2,ou=A,dc=example,dc=tld
    +....
  +ou=B,dc=example,dc=tld
    +cn=postmaster,ou=B,dc=example,dc=tld
    +cn=user1,ou=B,dc=example,dc=tld
    +cn=user2,ou=B,dc=example,dc=tld
    +....
  +....

I want to set an ACL which allows:
- postmaster can write all attributes only in its own OU
- when the postmaster binds to the ldap server, it sees only its own OU as a "root dn" (like an "ldap jail" :) )

Thanks for help, and sorry for my bad English,

Best Regards,
Thomas

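One way to express the per-OU postmaster rule in slapd.conf, as an added example and not part of Thomas's message: the `dn.regex` target captures the OU name from the entry's DN, and `dn.exact,expand=` substitutes it into the postmaster DN so that one rule covers every OU. The suffix, the `cn=postmaster` naming and the `by self read` line are assumptions taken from the tree above; whether ordinary users should read their own entry is not stated in the question.

```conf
# Assumes suffix dc=example,dc=tld and one cn=postmaster entry per OU,
# as drawn in the tree above. ACLs are evaluated top to bottom: the first
# "access to" that matches the target decides, so passwords go first.

# Passwords: the OU's postmaster and the user may set them, anyone may
# authenticate against them, nobody else may read them.
access to dn.regex="^(.+,)?ou=([^,]+),dc=example,dc=tld$" attrs=userPassword
    by dn.exact,expand="cn=postmaster,ou=$2,dc=example,dc=tld" write
    by self write
    by anonymous auth
    by * none

# Everything under an OU (the OU entry itself and all children):
# $2 is the captured OU name, so postmaster of ou=A gets write on ou=A
# and nothing on ou=B. Users may read their own entry (assumption).
access to dn.regex="^(.+,)?ou=([^,]+),dc=example,dc=tld$"
    by dn.exact,expand="cn=postmaster,ou=$2,dc=example,dc=tld" write
    by self read
    by * none

# Anything not matched above (the suffix entry) is hidden from everyone;
# the rootdn is not subject to ACLs and is unaffected.
access to *
    by * none
```

Two caveats for the "jail" half of the request: ACLs only hide entries, they do not change the naming context the server advertises, so the postmaster should bind and search with its own OU (`ou=A,dc=example,dc=tld`) as the base; and the regex is matched against the normalized DN, which is why the attribute types and the suffix are written in lower case. Check the result with `slapacl` or with `ldapsearch -D cn=postmaster,ou=A,... -b ou=B,...`, which should return nothing.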