Hi,
I have read various documents (including Red Hat ones) about ACI
implementation. But still the following basic scenario confuses me.
* anonymous bind disabled
* each client server is authenticated with a unique username (e.g.
"ou=ServerUsers,dc=domain,dc=com")
* "ou=Projects,dc=domain,dc=com" holds confidential data
==>
"uid=serveruser1,ou=ServerUsers,dc=domain,dc=com" should only be able to
see one or several entries under "ou=Projects,dc=domain,dc=com"
QUESTION: in order to minimize the number of ACIs, how should I set up the
described situation?
I have come up with the following options:
1. allow/deny
What is the correct way to use allow/deny because if I use default deny
on ou=Projects..., it overrides allows.
2. custom attribute
Add a custom attribute somewhere and use that for ACI?
I could use some concrete examples. I couldn't find any relevant guides
or I'm just blind. :) Thanks for help.
-Matti
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
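
The scenario above, sketched as an added example (not part of the original post and not from the 389 project). It relies on two documented 389 Directory Server behaviours: access is refused unless some ACI allows it, so no deny rule is needed, and the `userattr` bind rule with the `USERDN` type matches the bind DN against a DN-valued attribute of the entry being accessed. Assumptions: `allowedServerUser` is a hypothetical custom attribute with DN syntax already defined in the schema and permitted on project entries, and `ou=ProjectA` is a made-up project entry.

```ldif
# Added example (constructed). "allowedServerUser" is a hypothetical custom
# attribute with DN syntax; "ou=ProjectA" is a made-up project entry.
#
# 1) One ACI on the container covers every project entry beneath it.
#    The bind rule is true only when the bind DN is listed in
#    allowedServerUser on the entry being accessed. No deny rule is used:
#    entries that do not list the bind DN stay invisible by default.
#    targetattr names the readable attributes explicitly, so the
#    allowedServerUser values themselves are not exposed to server users.
dn: ou=Projects,dc=domain,dc=com
changetype: modify
add: aci
aci: (targetattr="objectClass || ou || cn || description")(version 3.0; acl "Server users read their own projects"; allow (read,search,compare) userattr = "allowedServerUser#USERDN";)

# 2) Granting a server user access to a project is a data change on that
#    project entry, not a new ACI.
dn: ou=ProjectA,ou=Projects,dc=domain,dc=com
changetype: modify
add: allowedServerUser
allowedServerUser: uid=serveruser1,ou=ServerUsers,dc=domain,dc=com
```

Whoever can write `allowedServerUser` controls who can read a project, so write access to that attribute should remain with directory administrators.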