Hi, Michael!
> However, when I want to restrict only the sales staff who can access
> dn.children="ou=vendor, dc=foo, dc=com", the following rules fail to do so.
> access to dn="ou=vendor, dc=foo, dc=com" by dn="ou=sales, dc=foo,
> dc=com" read
> access to dn.children="ou=vendor, dc=foo, dc=com" by
> dn.children="ou=sales, dc=foo, dc=com" read
Maybe the following rules will work for you:
access to dn.children="ou=vendor,dc=foo,dc=com"
    by dn.children="ou=sales, dc=foo, dc=com" read
    by * read
access to dn.children="ou=misc, dc=foo, dc=com"
    by dn.children="ou=sales, dc=foo, dc=com" none
    by * read
access to dn.children="ou=sales, dc=foo, dc=com"
    by dn.children="ou=sales, dc=foo, dc=com" none
    by * read
access to dn.children="ou=it, dc=foo, dc=com"
    by dn.children="ou=sales, dc=foo, dc=com" none
    by * read
Have a look here for more examples of access restriction:
http://www.openldap.org/doc/admin21/slapdconfig.html#Access%20Control
Greetz,
A. Sopicki
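
The first-match evaluation that slapd applies to the four rules in this reply, modelled in Python as an added example (not part of the original message and not OpenLDAP code). The helpers `norm()`, `is_child()` and `access()` and the uid=alice / uid=bob DNs are constructed for illustration; only `dn.children` and `*` are handled, with the default stop-at-first-match behaviour.

```python
# Simplified model of slapd ACL evaluation (added example, not OpenLDAP code).
# Assumptions: only dn.children targets/subjects, "*" as catch-all, and the
# default "stop" control after the first matching "by" clause.

def norm(dn):
    """Lower-case a DN and drop spaces around commas (simplified normalization)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def is_child(dn, base):
    """dn.children matches entries strictly below base, never base itself."""
    dn, base = norm(dn), norm(base)
    return dn != base and dn.endswith("," + base)

# The four rules from the reply: (target base, [(who base or "*", level), ...])
SALES = "ou=sales, dc=foo, dc=com"
RULES = [
    ("ou=vendor,dc=foo,dc=com", [(SALES, "read"), ("*", "read")]),
    ("ou=misc, dc=foo, dc=com", [(SALES, "none"), ("*", "read")]),
    ("ou=sales, dc=foo, dc=com", [(SALES, "none"), ("*", "read")]),
    ("ou=it, dc=foo, dc=com", [(SALES, "none"), ("*", "read")]),
]

def access(bind_dn, entry_dn, rules=RULES):
    """Return the level granted by the first matching rule and by clause."""
    for target, clauses in rules:
        if not is_child(entry_dn, target):
            continue
        for who, level in clauses:
            if who == "*" or is_child(bind_dn, who):
                return level
        return "none"  # implicit trailing "by * none"
    return "none"      # implicit final "access to * by * none"

if __name__ == "__main__":
    # Constructed sample DNs, not taken from the thread
    alice = "uid=alice,ou=sales,dc=foo,dc=com"
    bob = "uid=bob,ou=it,dc=foo,dc=com"
    for who in (alice, bob):
        for entry in ("cn=acme,ou=vendor,dc=foo,dc=com",
                      "cn=notes,ou=misc,dc=foo,dc=com",
                      "ou=vendor,dc=foo,dc=com"):
            print(who, "->", entry, ":", access(who, entry))
```

The last sample entry shows that `dn.children` does not cover the `ou=vendor` container entry itself, so it falls through to the implicit deny unless another rule matches it.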