Isaac Gonzalez wrote:
Hi,
I have this structure:
dc=empresa,dc=com
|
|---Dep1
|   |---------User1
|   |---------User11
|
|---Dep2
|   |---------User2
|   |---------User22
|
|---Dep3
    |---------User3
    |---------User33
I want User1 and User11 (users under Dep1) to be able to access only Dep1,
User1 and User11 data. --> Dep1 Subtree
I want User2 and User22 (users under Dep2) to be able to access only Dep2,
User2 and User22 data. --> Dep2 Subtree
I want User3 and User33 (users under Dep3) to be able to access only Dep3,
User3 and User33 data. --> Dep3 Subtree
Is this ACL correct? Can't it be simpler?
#DEP1 ONLY ACCESS TO DEP1
access to dn.subtree="ou=Dep1,dc=empresa,dc=com"
    by dn.children="ou=Dep1,dc=empresa,dc=com" read
    by anonymous auth
    by * none

#DEP2 ONLY ACCESS TO DEP2
access to dn.subtree="ou=Dep2,dc=empresa,dc=com"
    by dn.children="ou=Dep2,dc=empresa,dc=com" read
    by anonymous auth
    by * none

#DEP3 ONLY ACCESS TO DEP3
access to dn.subtree="ou=Dep3,dc=empresa,dc=com"
    by dn.children="ou=Dep3,dc=empresa,dc=com" read
    by anonymous auth
    by * none

#ADMIN
access to *
    by dn="cn=admin,dc=empresa,dc=com" write
    by anonymous auth
    by * none
Thanks and bye.

Have you resolved this?
--
Kind Regards,
Gavin Henry.
Managing Director.
T +44 (0) 1224 279484
M +44 (0) 7930 323266
F +44 (0) 1224 824887
E [EMAIL PROTECTED]
Open Source. Open Solutions(tm).
http://www.suretecsystems.com/
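
An added example, not part of either message and not OpenLDAP code: a small Python model of how slapd picks a clause (first matching "access to", then first matching "by"), run over the four clauses posted above to show what each bind identity ends up with. The cn=<name> naming of the users and the treatment of cn=admin as an ordinary entry rather than the rootdn are assumptions.

```python
# Simplified model of slapd ACL selection (added example, not OpenLDAP code).
# Assumptions: users are named cn=<name> under ou=<dept>; cn=admin is an
# ordinary entry, not the rootdn (the rootdn bypasses ACLs entirely).
BASE = "dc=empresa,dc=com"

def is_under(dn, base, include_self):
    dn, base = dn.lower(), base.lower()
    if dn == base:
        return include_self
    return dn.endswith("," + base)

def what_matches(what, target):
    # "*" matches every entry; ("subtree", dn) matches dn and its descendants.
    return what == "*" or is_under(target, what[1], include_self=True)

def who_matches(who, bound_dn):
    kind = who[0]
    if kind == "*":
        return True
    if kind == "anonymous":
        return bound_dn is None
    if bound_dn is None:
        return False
    if kind == "children":  # descendants only, not the base entry itself
        return is_under(bound_dn, who[1], include_self=False)
    return bound_dn.lower() == who[1].lower()  # "exact"

def dept_rule(ou):
    dn = f"ou={ou},{BASE}"
    return (("subtree", dn),
            [(("children", dn), "read"), (("anonymous",), "auth"), (("*",), "none")])

# The four clauses from the message, in the order posted.
RULES = [dept_rule("Dep1"), dept_rule("Dep2"), dept_rule("Dep3"),
         ("*", [(("exact", f"cn=admin,{BASE}"), "write"),
                (("anonymous",), "auth"), (("*",), "none")])]

def access(bound_dn, target, rules=RULES):
    for what, by_clauses in rules:
        if what_matches(what, target):  # first matching "access to" wins
            for who, level in by_clauses:
                if who_matches(who, bound_dn):  # first matching "by" wins
                    return level
            return "none"  # implicit trailing "by * none"
    return "none"  # no clause matched the target

def user(name, dept):
    return f"cn={name},ou={dept},{BASE}"
```

In this model access("cn=admin,dc=empresa,dc=com", user("User1", "Dep1")) returns "none": the Dep1 clause matches the target first and has no "by" line for the admin DN, so the final "access to *" clause is never consulted for department entries.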