ACI to read/write a single BRANCH ...

Hello gurus !

My situation is a tree like this:

o=entry
+ou=one
+ou=two
+ou=three
+ou=four

I would like to create a user able to modify/read/etc.etc. ONLY ou=four contents...

I've placed a uid=fouradmin, ou=four,o=entry and I've created an ACI to let it do everything under ou=four.

Now, if I create a new ACI in ou=four to EXCLUDE access to ANYONE, this ACI becomes the stronger one and I'm not able to do anything with uid=fouradmin......

How can I bypass this situation and allow ONLY uid=fouradmin complete access to ou=four and everything below it?

Thanks,

silvio

I forgot to say that o=entry (and everything below it) has the standard read-only access for all users...

Thanks,

silvio

Message was edited by: infocamere

[828 byte] By [infocamere] at [2007-11-26 11:20:35]
# 1

Access is denied unless there is an ACI that specifically grants access...

You should consider not using the DENY acis at all.

If what you want is for only fouradmin to have access to ou=four, do it like this:

- Aci in ou=four grants all rights to fouradmin.

- Aci in o=entry (top) should use (target != "*ou=four,o=entry") to grant access to anyone.

Ludovic.

ludovicp at 2007-7-7 3:36:02
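
The two ACIs described in the reply above, written out as LDIF. This is an added example, not part of the original thread: the ACL names, the rights list, the userPassword exclusion and the full ldap:/// form of the wildcard target are assumptions, and only the DNs come from the posts.

```ldif
# Constructed example. DNs are the ones used in the thread; ACL names are made up.

# 1. ou=four: a single allow ACI for fouradmin, inherited by the whole subtree.
#    No deny ACI is placed here. Access that no ACI grants is already refused,
#    and a deny would take precedence over this allow and lock fouradmin out.
dn: ou=four,o=entry
changetype: modify
add: aci
aci: (targetattr="*")(version 3.0; acl "fouradmin full access to ou=four";
  allow (all) userdn="ldap:///uid=fouradmin,ou=four,o=entry";)

# 2. o=entry: general read-only access, with every DN ending in
#    ou=four,o=entry excluded from the target (the reply's wildcard pattern,
#    assumed here in full LDAP URL form).
#    The existing unrestricted read-only ACI on o=entry has to be deleted when
#    this one is added, otherwise it still grants read access inside ou=four.
dn: o=entry
changetype: modify
add: aci
aci: (target!="ldap:///*ou=four,o=entry")(targetattr!="userPassword")
  (version 3.0; acl "read-only outside ou=four";
  allow (read,search,compare) userdn="ldap:///anyone";)
```

After applying it with ldapmodify, check the result by searching under ou=four once with an anonymous bind (no entries should come back) and once bound as uid=fouradmin.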
# 2
Thanks Ludovic! It works fine.

Thank you very much and regards,

Silvio
infocamere at 2007-7-7 3:36:02