How to grant an ACI to people belonging to a multivalued attribute

I have the following schema:

ou=interns,ou=people,dc=compagny,dc=com

ou=externs,ou=people,dc=compagny,dc=com

cn=fonct1,ou=fonct,dc=compagny,dc=com

cn=fonct2,ou=fonct,dc=compagny,dc=com

...

cn=foncN,ou=fonct,dc=compagny,dc=com

1/ Each "fonct" entry has a multivalued attribute (manager) which contains the DN of an intern or an extern, like below:

dn: cn=fonct1,ou=fonct,dc=compagny,dc=com
cn: fonct1
manager: uid=aaaa,ou=interns,ou=people,dc=compagny,dc=com
manager: uid=dddd,ou=externs,ou=people,dc=compagny,dc=com
manager: uid=bbb,ou=externs,ou=people,dc=compagny,dc=com

2/ Interns and externs have the "MyAttribute" attribute.

Question:

I want an ACI that grants managers the right to modify the "MyAttribute" of all interns and all externs.

Thanks.

[853 byte] By [Petty] at [2007-11-26 6:57:43]
# 1

Not 100% clear what you want to do... Assuming all managers can edit all interns & externs, you can do this:

Create a group (this example uses "manager group")...

Then put this ACI on the ou=interns & ou=externs branches:

(targetattr = "myAttribute")
(version 3.0;
acl "Custom ACI";
allow (all)
(groupdn = "ldap:///cn=manager group,ou=groups,dc=company,dc=com")
;)

ericknitsol10 at 2007-7-6 15:33:12
# 2

I would like to put an ACI like this (it does not match):

(targetattr = "myAttribute")
(version 3.0;
acl "Custom ACI";
allow (all)
(userAttr = "ou=fonct,dc=compagny,dc=com? sub?manager#USERDN")
;)

Question:

Is there another way that allows me to put an ACI without creating a group in my directory? (with a role or another way)

I want to put an ACI which assumes that:

- the manager is an intern or an extern

- the manager's DN is in the "manager" attribute of the "ou=fonct,dc=compagny,dc=com" subentry

Thanks.

NB: I hope you understood (I don't speak English fluently).

Petty at 2007-7-6 15:33:12
# 3

Yes, I am also confused about why the "manager" attribute holds the DN of an "intern"? One would have thought that it would hold the DN of a manager.

In short, you can create a managed or filtered role and add a corresponding ACI for it. For details, refer to this page:

http://docs.sun.com/source/817-7613/rolescos.html#wp19589

Regards,

-Wajih

Wajih at 2007-7-6 15:33:12
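The two bind rules discussed in this thread behave differently, and a small model makes the difference visible. A `userattr = "<attr>#USERDN"` rule is evaluated against the entry being targeted: the targeted entry's own attribute must contain the bind DN. In the second post the "manager" values live on the cn=fonctN entries under ou=fonct, while the targets are the intern and extern entries, so there is nothing on the target for the rule to match. A `groupdn` rule, as in the first answer, only asks whether the bind DN is a member of the named group, wherever the membership data originally came from. The Python below is an added example written for this page, not code from any poster or from Directory Server; it builds an in-memory copy of the thread's sample entries (all values constructed, with the group placed under the poster's dc=compagny suffix) and evaluates both rule kinds over them. It also shows how the group from the first answer can be populated from the manager values found under ou=fonct instead of being maintained by hand.

```python
"""Toy evaluation of two Directory Server ACI bind rules, userattr#USERDN and
groupdn, over in-memory entries built from the thread's sample DNs.

Added example for this thread; not code from any poster or from the product.
It models only what is needed to show where each rule looks for its data.
"""
from typing import Dict, List, Set

Entry = Dict[str, List[str]]  # attribute type (lower-cased) -> list of values


def norm_dn(dn: str) -> str:
    """Normalise a DN for comparison: strip spaces around RDNs and lower-case."""
    return ",".join(part.strip().lower() for part in dn.split(","))


# Constructed directory content mirroring the thread (attribute names lower-cased).
DIRECTORY: Dict[str, Entry] = {
    norm_dn("uid=aaaa,ou=interns,ou=people,dc=compagny,dc=com"): {"myattribute": ["v1"]},
    norm_dn("uid=cccc,ou=interns,ou=people,dc=compagny,dc=com"): {"myattribute": ["v2"]},
    norm_dn("uid=dddd,ou=externs,ou=people,dc=compagny,dc=com"): {"myattribute": ["v3"]},
    norm_dn("uid=bbb,ou=externs,ou=people,dc=compagny,dc=com"): {"myattribute": ["v4"]},
    norm_dn("cn=fonct1,ou=fonct,dc=compagny,dc=com"): {
        "manager": [
            "uid=aaaa,ou=interns,ou=people,dc=compagny,dc=com",
            "uid=dddd,ou=externs,ou=people,dc=compagny,dc=com",
            "uid=bbb,ou=externs,ou=people,dc=compagny,dc=com",
        ]
    },
    # Constructed second fonct entry so that one manager (cccc) is not in fonct1.
    norm_dn("cn=fonct2,ou=fonct,dc=compagny,dc=com"): {
        "manager": ["uid=cccc,ou=interns,ou=people,dc=compagny,dc=com"]
    },
}

# Group DN for the first answer's approach (constructed, under the poster's suffix).
GROUP_DN = norm_dn("cn=manager group,ou=groups,dc=compagny,dc=com")


def dn_values(entry: Entry, attr: str) -> Set[str]:
    """Values of a DN-syntax attribute, normalised for comparison."""
    return {norm_dn(v) for v in entry.get(attr.lower(), [])}


def userattr_userdn(target_dn: str, attr: str, bind_dn: str) -> bool:
    """userattr = "<attr>#USERDN": the *targeted* entry's <attr> must contain the
    bind DN. The rule consults no other entry, so manager values stored on the
    cn=fonctN entries are invisible when the target is an intern or extern."""
    target = DIRECTORY.get(norm_dn(target_dn), {})
    return norm_dn(bind_dn) in dn_values(target, attr)


def groupdn(group_dn: str, bind_dn: str) -> bool:
    """groupdn = "ldap:///<group_dn>": the bind DN must be a member of the static group."""
    group = DIRECTORY.get(norm_dn(group_dn), {})
    return norm_dn(bind_dn) in (dn_values(group, "uniquemember") | dn_values(group, "member"))


def collect_managers(fonct_base: str = "ou=fonct,dc=compagny,dc=com") -> Set[str]:
    """Every DN appearing in a 'manager' attribute of an entry under fonct_base.
    This is exactly the membership the first answer's group needs to hold."""
    base = norm_dn(fonct_base)
    managers: Set[str] = set()
    for dn, entry in DIRECTORY.items():
        if dn.endswith("," + base):
            managers |= dn_values(entry, "manager")
    return managers


def build_manager_group() -> Entry:
    """Create the static group from the collected manager DNs and store it."""
    group: Entry = {
        "objectclass": ["top", "groupOfUniqueNames"],
        "cn": ["manager group"],
        "uniquemember": sorted(collect_managers()),
    }
    DIRECTORY[GROUP_DN] = group
    return group


def may_modify_myattribute(bind_dn: str, target_dn: str, rule: str) -> bool:
    """Decide 'allow (all)' on targetattr = "myAttribute" for the two rule kinds in the thread."""
    if rule == "userattr":
        return userattr_userdn(target_dn, "manager", bind_dn)
    if rule == "groupdn":
        return groupdn(GROUP_DN, bind_dn)
    raise ValueError(f"unknown rule kind: {rule}")


if __name__ == "__main__":
    manager = "uid=aaaa,ou=interns,ou=people,dc=compagny,dc=com"
    intern = "uid=cccc,ou=interns,ou=people,dc=compagny,dc=com"
    print("userattr on intern :", may_modify_myattribute(manager, intern, "userattr"))
    print("userattr on fonct1 :", userattr_userdn("cn=fonct1,ou=fonct,dc=compagny,dc=com", "manager", manager))
    build_manager_group()
    print("groupdn on intern  :", may_modify_myattribute(manager, intern, "groupdn"))
```

Running it shows the userattr rule granting nothing on the intern entry but matching when the target is cn=fonct1 itself, where the manager attribute actually sits; after the group is built from the fonct entries, the groupdn rule grants the manager access to the intern entry. Keeping the group in step with the manager values is the operational cost of the first answer's approach, and a periodic resync of the kind `collect_managers` performs is one way to pay it.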