That is a usefull link. Thank you!
I finally manage this way:
access to dn.Subtree="ou=contacts,ou=people,dc=mcm,dc=com"
by dn.Subtree="ou=administradores,ou=people,dc=mcm,dc=com" write
by * read
What I wanted is to create a group of administrator to control
everything and a group of normal users with only access control in their
groups contacts.
I will also apply the group configuration you send me, thanks!
On Thu, 2009-01-29 at 17:25 +0100, Michael Ströder wrote:
> Miguel wrote:
> >
> > I m trying to configure the ldap . I have created two groups (contact
> > and administradores) within another one (people).
> >
> > I would like administradores group to have all the permissions over
> > contacts group. I have modified the slapd.conf in this way, but it
> > doesn't work:
> >
> > access to dn=".*,ou=contacts,ou=people,dc=mcm,dc=com"
> > by dn=".*,ou=administradores,ou=people,dc=mcm,dc=com" write
> > by * read
>
> You should consult the fine FAQ - in particular:
>
> "How do I use groups to manage access control?"
>
> http://www.openldap.org/faq/data/cache/52.html
>
> Ciao, Michael.
>
