Hello,

I manage all my users with LDAP.

I would like to build the following reading rules:

1. Only admin can change passwords; authenticated users can read, and anonymous users can do nothing.

2. Authenticated users can access the database but can only read their own account, not the rest.

3. The group ou=system-read can read the whole database.

4. The group ou=system-write can write in ou=ent.

5. Anonymous access is forbidden.


My LDIF file:

dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to attrs=userPassword by self write by
  dn="cn=admin,dc=example,dc=fr" write by * auth
olcAccess: {1}to dn.base="" by self write by
  dn="ou=system-read,dc=example,dc=fr" read by * auth
olcAccess: {2}to dn.subtree="ou=ent,dc=example,dc=fr" by self write by
  dn="ou=system-write,dc=example,dc=fr" write by * none
olcAccess: {3}to * by self write by dn="cn=admin,dc=example,dc=fr" write by *
  none

I have a lot of trouble with ACLs; I cannot do what I want with them. Thank you for
your help.

Florent 
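An ACL set that implements the five rules as stated, added here as an example and not the poster's own configuration. It assumes system-read and system-write exist as groupOfNames entries under an assumed ou=groups,dc=example,dc=fr (a `by dn=` clause only matches the bound DN itself, never group membership, and an ou is not a group), and that clauses are listed most specific first because slapd stops at the first matching `to` clause.

```ldif
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# Rules 1 and 5: passwords. "anonymous auth" is the minimum a simple bind
# needs and grants no read. "users read" is rule 1 as stated; if exposing
# password hashes to all users is not wanted, tighten it to "users auth".
olcAccess: {0}to attrs=userPassword
  by dn.exact="cn=admin,dc=example,dc=fr" write
  by anonymous auth
  by users read
# Rule 4: ou=ent is writable by the system-write group (assumed groupOfNames
# with "member"). Listed before the catch-all so it is matched first.
olcAccess: {1}to dn.subtree="ou=ent,dc=example,dc=fr"
  by dn.exact="cn=admin,dc=example,dc=fr" write
  by group.exact="cn=system-write,ou=groups,dc=example,dc=fr" write
  by group.exact="cn=system-read,ou=groups,dc=example,dc=fr" read
  by self read
  by * none
# Rules 2, 3 and 5: everything else. A user reads only their own entry, the
# system-read group reads everything, anonymous and everyone else get nothing.
olcAccess: {2}to *
  by dn.exact="cn=admin,dc=example,dc=fr" write
  by group.exact="cn=system-read,ou=groups,dc=example,dc=fr" read
  by self read
  by * none
```

Because `by self` matches only the user's own entry, an ordinary user has no search access on dc=example,dc=fr itself, so a subtree search from the base returns nothing for them; clients should bind and search their own DN, or you add a clause granting `by users search` on the base entry. After applying, check each rule with `ldapsearch`/`ldapmodify` bound as admin, as a plain user, as a group member and anonymously.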
