Hello,
Can someone please help me with that?
Thanks
Hello All,
I would like to profile ACLs in order to let some users manage their own OU via Console.
Example:
-OUone | USERone, USERtwo, USERthree
-OUtwo | USERfour, USERfive
-OUthree | USERsix, USERseven, USEReight
In every OU I have many users, but I would like to give console access to one user per OU and let them manage their own OU without listing or managing the other OUs.
USERone can add or remove users ONLY for OUone
USERfour can add or remove users ONLY for OUtwo
USERsix can add or remove users ONLY for OUthree
Thanks!!
Andrea
The ACLs below will help you to achieve the same.
aci: (targetattr = "*") (target = "ldap:///ou=ouone,dc=example,dc=com") (version 3.0;acl "user_one";allow (all,proxy)(userdn = "ldap:///uid=userone,ou=People,dc=example,dc=com");)
aci: (targetattr = "*") (target = "ldap:///ou=outwo,dc=example,dc=com") (version 3.0;acl "user_four";allow (all)(userdn = "ldap:///uid=userfour,ou=People,dc=example,dc=com");)
aci: (targetattr = "*") (target = "ldap:///ou=outhree,dc=example,dc=com") (version 3.0;acl "user_six";allow (all)(userdn = "ldap:///uid=usersix,ou=People,dc=example,dc=com");)
It says uid=userone,ou=People,dc=example,dc=com can write in ou=ouone,dc=example,dc=com
& uid=userfour,ou=People,dc=example,dc=com can write in ou=outwo,dc=example,dc=com
& uid=usersix,ou=People,dc=example,dc=com can write in ou=outhree,dc=example,dc=com
Example
# entry-id: 19
dn: uid=utest,ou=ouone,dc=example,dc=com
uid: utest
givenName: user
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: test
cn: user test
userPassword: {MD5}4nmK8Sp6D09wtNae+8JfTQ==
creatorsName: uid=userone,ou=people,dc=example,dc=com <---------- created as per ACI
modifiersName: uid=userone,ou=people,dc=example,dc=com
createTimestamp: 20120227201512Z
modifyTimestamp: 20120227201512Z
nsUniqueId: ad0ee181-617f11e1-bd04f4a7-338b5e96
Regards
Arpit Tolani
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
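
An added example, not part of the original reply or of 389 Directory Server: a small Python audit that parses the three ACI values above and reports which bind DN they let act on a given entry, plus the points worth reviewing before loading them (targetattr=*, allow(all), and the proxy right that only the first ACI carries). Function names are hypothetical, DN matching is simplified to a case-insensitive suffix compare, and only these three ACIs are considered, not any others present on the server.

```python
import re

# The three ACI values from the reply above, unfolded to one line each.
ACIS = [
    '(targetattr = "*") (target = "ldap:///ou=ouone,dc=example,dc=com") (version 3.0;acl "user_one";allow (all,proxy)(userdn = "ldap:///uid=userone,ou=People,dc=example,dc=com");)',
    '(targetattr = "*") (target = "ldap:///ou=outwo,dc=example,dc=com") (version 3.0;acl "user_four";allow (all)(userdn = "ldap:///uid=userfour,ou=People,dc=example,dc=com");)',
    '(targetattr = "*") (target = "ldap:///ou=outhree,dc=example,dc=com") (version 3.0;acl "user_six";allow (all)(userdn = "ldap:///uid=usersix,ou=People,dc=example,dc=com");)',
]

# Matches only the ACI shape used in this thread (targetattr, target, one userdn bind rule).
ACI_RE = re.compile(
    r'\(\s*targetattr\s*=\s*"(?P<attrs>[^"]*)"\s*\)\s*'
    r'\(\s*target\s*=\s*"ldap:///(?P<target>[^"]*)"\s*\)\s*'
    r'\(\s*version\s+3\.0\s*;\s*acl\s+"(?P<name>[^"]*)"\s*;\s*'
    r'allow\s*\((?P<rights>[^)]*)\)\s*'
    r'\(\s*userdn\s*=\s*"ldap:///(?P<userdn>[^"]*)"\s*\)\s*;\s*\)\s*$')

def parse_aci(value):
    """Split one ACI value into its fields; DNs are lower-cased for comparison."""
    m = ACI_RE.match(value.strip())
    if m is None:
        raise ValueError("ACI shape not handled by this example: " + value)
    aci = {k: v.strip().lower() for k, v in m.groupdict().items()}
    aci["rights"] = {r.strip() for r in aci["rights"].split(",")}
    return aci

def applies(aci, bind_dn, entry_dn):
    """Simplified match: case-insensitive DNs, target covers its whole subtree."""
    bind, entry = bind_dn.lower(), entry_dn.lower()
    in_subtree = entry == aci["target"] or entry.endswith("," + aci["target"])
    return bind == aci["userdn"] and in_subtree

def managers_of(entry_dn, acis):
    """Bind DNs that these ACIs let act on entry_dn."""
    return sorted(a["userdn"] for a in acis if applies(a, a["userdn"], entry_dn))

def findings(aci):
    """Points a reviewer would raise before loading the ACI."""
    notes = []
    if aci["attrs"] == "*":
        notes.append("targetattr=* (every attribute in the subtree)")
    if "all" in aci["rights"]:
        notes.append("allow(all) rather than an explicit rights list")
    if "proxy" in aci["rights"]:
        notes.append("proxy right granted")
    return notes

if __name__ == "__main__":
    for aci in map(parse_aci, ACIS):
        print(aci["name"], "->", aci["target"], findings(aci))
```
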