Hi,
About the tree, I have
ou=Students,ou=People,dc=example,dc=com
which contains the student members
and
cn=Students Manager,ou=Groups,dc=dc=example,dc=com
whose uniqueMember field contains the student manager.
I have successfully tried an ACL allowing modify, add, delete etc. with (targetfilter= "((Affectation=testaff))"):
(targetattr = "*") (targetfilter= "(Affectation=testaff)") (version 3.0;acl "Student restriction Acl";
allow (all)(groupdn = "ldap:///cn=Students Manager,ou=Groups,dc=example,dc=com");)
(applied on the ou=Students,ou=People,dc=example,dc=com node)
Now I simply need another ACI, the opposite of the previous one, i.e.
the previous admin account (cn=Students Manager) of the student branch is allowed only to see and modify
accounts on the
ou=Students,ou=People,dc=example,dc=com branch,
with a restriction based on the Affectation field, i.e. if Affectation<>testaff then not visible.
Thanks
------------------------------
Message: 3
Date: Thu, 31 Jan 2013 16:20:51 +0100
From: Ludwig Krispenz <lkrispen@xxxxxxxxxx>
To: 389-users@xxxxxxxxxxxxxxxxxxxxxxx
Subject: Re: ACL Question
Message-ID: <510A8BD3.3060006@xxxxxxxxxx>
Content-Type: text/plain; charset="utf-8"; Format="flowed"
Hi,
it is always difficult to talk about a single aci since access is
controlled by applying all existing acis, and one aci can prevent the
effect of another one.
Also you're talking about hiding entries, but the aci you propose is
about allowing access, so making entries visible to the group.
Could you provide more info on the tree and entries you have and who
should be able to do what? What do you mean by "only certain people"?
Did you try some acis and it didn't work?
Regards,
Ludwig
On 01/31/2013 12:35 PM, rayane karim wrote:
> Hi
> I need to set up an acl restriction based on targetfilter like
>
> (targetattr = "*") (targetfilter= "(!(Affectation=testaff))") (version
> 3.0;acl "Student restriction Acl";allow (write)(groupdn =
> "ldap:///cn=Students Manager,ou=Groups,dc=example,dc=com");)
>
> this rule hides all the student branch
> ou=Students,ou=People,dc=example,dc=com
> on which it is applied
>
> need to hide only certain people from the student branch for cn=Students
> Manage
>
> people that haven't the (Affectation=testaff) attribute
>
> thanks
>
>
>
>
> --
> 389 users mailing list
> 389-users@xxxxxxxxxxxxxxxxxxxxxxx
> https://admin.fedoraproject.org/mailman/listinfo/389-users
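The interaction described in the reply above (access results from all ACIs together, and an allow ACI grants rather than hides), as an added example that is not part of the original thread and is not 389 DS code. It is a simplified model that assumes default deny and deny-over-allow precedence; the sample entries, the "anyone" subject, BROAD_READ and DENY_OTHERS are hypothetical.

```python
import re

MANAGERS = "cn=Students Manager,ou=Groups,dc=example,dc=com"
ALL = {"read", "search", "compare", "write", "add", "delete"}

# Constructed sample entries under ou=Students (not from the thread).
ENTRIES = [
    {"uid": ["alice"], "Affectation": ["testaff"]},
    {"uid": ["bob"], "Affectation": ["otheraff"]},
]

def matches(filt, entry):
    """Handle the two filter shapes in the thread: (attr=value) and (!(attr=value))."""
    neg = re.fullmatch(r"\(!(\(.+\))\)", filt)
    if neg:
        return not matches(neg.group(1), entry)
    eq = re.fullmatch(r"\(([^=()]+)=([^()]*)\)", filt)
    if eq is None:
        raise ValueError(f"unsupported filter: {filt}")
    return eq.group(2) in entry.get(eq.group(1), [])

def allowed(acis, groups, entry, right):
    """Default deny; among the ACIs that apply, any deny beats every allow."""
    hits = [a for a in acis
            if a["who"] in groups and right in a["rights"]
            and (a["filter"] is None or matches(a["filter"], entry))]
    if any(a["effect"] == "deny" for a in hits):
        return False
    return any(a["effect"] == "allow" for a in hits)

def visible(acis, groups=(MANAGERS, "anyone")):
    """uids a Students Manager member can read under the given ACI set."""
    return [e["uid"][0] for e in ENTRIES if allowed(acis, groups, e, "read")]

def aci(effect, rights, who, filt=None):
    return {"effect": effect, "rights": rights, "who": who, "filter": filt}

# The two ACIs posted in the thread.
WORKING = aci("allow", ALL, MANAGERS, "(Affectation=testaff)")
QUOTED = aci("allow", {"write"}, MANAGERS, "(!(Affectation=testaff))")
# Hypothetical extra ACIs, to show how ACIs interact.
BROAD_READ = aci("allow", {"read", "search"}, "anyone")
DENY_OTHERS = aci("deny", ALL, MANAGERS, "(!(Affectation=testaff))")

if __name__ == "__main__":
    for name, acis in [("quoted only", [QUOTED]), ("working only", [WORKING]),
                       ("working + broad read", [WORKING, BROAD_READ]),
                       ("working + broad read + deny", [WORKING, BROAD_READ, DENY_OTHERS])]:
        print(f"{name:30} visible to managers: {visible(acis)}")
```

In this model the quoted allow (write) ACI grants write on the non-testaff entry and makes nothing readable, while the testaff-only allow already leaves other entries unreadable until some other ACI grants read.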