Re: A bit help about ACI?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On 8/23/19 11:34 AM, Mark Reynolds wrote:

Moving to the correct list (389-users)...

On 8/23/19 9:05 AM, Miljan Žugić wrote:

I apologize in advance if this is wrong address 😊

I build up 2 389 DS server, make replication and up till now, all looks fine.

But I have some issue about ACI. Where I can find good forum or site to get some real examples of ACI ?

 

Or if you can help me…I want something like this, to make “anonymous” can do read, search and compare for levels B and D, but deny to A and E (actually I have problem with level E, I can do deny to anyone to level E or deeper, but I need some specific accounts to access level E or deeper, so…I stuck how to do that) :

First you should really read the access control docs:

https://access.redhat.com/documentation/en-us/red_hat_directory_server/10/html/administration_guide/managing_access_control

In order to do what you want you need two kinds of aci, allow and deny.  You need deny rules because when you set an aci on a subtree it applies to all its children.  So as you noted you can deny level E, but it denies everyone even if they previously had access.  So you need to add new aci's on level E that open up access to the users/groups you want to have access.  So you might end up with "duplicate" aci's at different levels in your tree.

So on level B you have your anonymous access aci's - this will apply to all lower branches.  On Level E must have a deny "anonymous/anyone" rule, and then you add new acis to level E that open it back up for those you want to have access.

HTH,

Mark


 

 

Anyhow, BR 😃

 

 

Miljan Žugić

Sistemski inženjer   |  Systems engineer

Sistemska podrška  |  Corporate IT

 

T   +381 11 3306514

M +381 62 250 523

E   Miljan.Zugic@xxxxxxxxx

 

 

 

 

Halcom a.d.

Beogradska 39   |   11000 Beograd   |   Srbija

 

www.halcom.rs

 

 

-- 

389 Directory Server Development Team

_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx
-- 

389 Directory Server Development Team
_______________________________________________
389-users mailing list -- 389-users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to 389-users-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/389-users@xxxxxxxxxxxxxxxxxxxxxxx

[Index of Archives]     [Fedora User Discussion]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora News]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora QA]     [Fedora Triage]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Yosemite Photos]     [Linux Apps]     [Maemo Users]     [Gnome Users]     [KDE Users]     [Fedora Tools]     [Fedora Art]     [Fedora Docs]     [Maemo Users]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Fedora ARM]

  Powered by Linux