Re: ACL Question

Ludwig Krispenz <lkrispen@xxxxxxxxxx> · Thu, 31 Jan 2013 16:20:51 +0100



    Hi,

    
    it is always difficult to talk about a single aci since access is
    controlled by applying all exxising acis, and one aci can prevent
    the effect of another one.

    Also you're talking about hiding entries, but the aci you propose is
    about allowwing access, so making entries visible to the group.

    
    Could you provide more info on the tree and entries you have and
    whoc should be able to do what. What do you mean by "only certain
    people" ?

    Did you try some acis and it didn't work ? 

    
    Regards,

    Ludwig

    
    On 01/31/2013 12:35 PM, rayane karim
      wrote:

    
      Hi 
           need to setup an acl restriction based on   targetfilter
          like 
        

        (targetattr = "*") (targetfilter=
          "(!(Affectation=testaff))") (version 3.0;acl "Student
          restriction Acl";allow (write)(groupdn = "ldap:///cn=Students
          Manager,ou=Groups,dc=example,dc=com");)
        

        this  rule hide all the student branch 
                ou=Students,ou=People,dc=lagh-univ,dc=dz
        on witch it is applied
        

        need to hide only certain people form student banch for
          cn=Students Manage  
        

        pepole that havn't (Affectation=testaff) attribute
        

        thank's
        

      --
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
    
    
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users