Let me elaborate on what I want to ask you. Say I have 2 projects under the People directory structure: 1. DICE and 2. IM.

Under DICE I have two users: Vinod and Sapna.
Under IM I have two users: shamim and Shreepath.

Now, what I did is I right-clicked on DICE > Set Access Permission > New > Named the ACI "Access Control" > Added user "Shamim" from IM (because I don't want him to access the DICE project) > Rights (I didn't select any; completely unticked) > Target (Target Directory Entry --> Same entry (ou=DICE,ou=People,dc=csse,dc=edu,dc=com)) > Host = 10.14.242.93 > Time (left unaltered)

The rule which was constructed:

    (targetattr = "*") (target = "ldap:///ou=DICE,ou=People, dc=csse,dc=edu,dc=com") (version 3.0;acl "Acess rights for these users";deny (all)(userdn = "ldap:///uid=shamim,ou=IM,ou=People, dc=csse,dc=edu,dc=com") and (ip="10.14.242.93");)

Now, this means that if it works fine, when I log in as Shamim on 10.14.242.93 it should not be able to throw any output when I run:

    $pwd
    /home/shamim
    $getent passwd Vinod

Am I right? If not, then what is the correct way to implement this?
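
The bind-rule logic of the ACI quoted above, as an added example that is not part of the original message: it parses the posted rule and reports which constructed LDAP requests the deny applies to. Vinod's entry DN, the second IP address and the request list are assumptions for illustration, and the evaluator models only target scope, `userdn` and `ip`, not the server's full ACI evaluation.

```python
import re

# The rule exactly as posted in the message above.
ACI = ('(targetattr = "*") (target = "ldap:///ou=DICE,ou=People, dc=csse,dc=edu,dc=com") '
       '(version 3.0;acl "Acess rights for these users";deny (all)'
       '(userdn = "ldap:///uid=shamim,ou=IM,ou=People, dc=csse,dc=edu,dc=com") '
       'and (ip="10.14.242.93");)')

def norm_dn(dn):
    """Lower-case and trim each RDN (simplified: ignores escaped commas)."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def parse_aci(aci):
    """Extract only the keywords this rule uses; not a general ACI parser."""
    def field(key):
        return re.search(key + r'\s*=\s*"(?:ldap:///)?([^"]*)"', aci).group(1)
    return {
        "effect": re.search(r";\s*(allow|deny)\s*\(", aci).group(1),
        "target": norm_dn(field(r"\(target")),
        "userdn": norm_dn(field(r"\(userdn")),
        "ip": field(r"\(ip"),
    }

def rule_applies(rule, entry_dn, bind_dn, client_ip):
    """The rule fires only if the entry is in scope AND both bind rules hold."""
    entry = norm_dn(entry_dn)
    in_scope = entry == rule["target"] or entry.endswith("," + rule["target"])
    bound = bind_dn is not None and norm_dn(bind_dn) == rule["userdn"]
    return in_scope and bound and client_ip == rule["ip"]

VINOD = "uid=Vinod,ou=DICE,ou=People,dc=csse,dc=edu,dc=com"   # assumed entry DN
SHAMIM = "uid=shamim,ou=IM,ou=People,dc=csse,dc=edu,dc=com"
REQUESTS = [  # constructed: (label, entry read, DN bound on the connection, client IP)
    ("bound as shamim, listed host", VINOD, SHAMIM, "10.14.242.93"),
    ("bound as shamim, other host", VINOD, SHAMIM, "10.14.242.94"),
    ("anonymous bind, listed host", VINOD, None, "10.14.242.93"),
    ("bound as shamim, own entry", SHAMIM, SHAMIM, "10.14.242.93"),
]

def evaluate():
    """Map each constructed request to whether the posted deny rule matches it."""
    rule = parse_aci(ACI)
    return {label: rule_applies(rule, e, b, ip) for label, e, b, ip in REQUESTS}

if __name__ == "__main__":
    for label, hit in evaluate().items():
        print(f"{label:32} deny applies: {hit}")
```

The rule is keyed on the DN bound on the LDAP connection and the client address the directory server sees for that connection, so only the first request matches.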