(targetattr = "userPassword" )
(target = "ldap:///dc=example,dc=com")
(version 3.0;
acl "Support can change passwords";
allow (all)
(groupdn = "ldap:///cn=support,ou=groups,dc=example,dc=com");)
I just can't figure out how to write the exception.
--BO
On 3/30/07,
Bjorn Oglefjorn <sys.mailing@xxxxxxxxx> wrote:
Or maybe it's not so complicated and I don't know how. ;)
This is what I'm trying to accomplish:
Users who are a member of the group 'cn=support'
can perform ALL operations on 'userPassword',
except on targets which are a member of group 'cn=admins' or 'cn=bosses'.
Is this possible? I can't figure out how. Thanks in advance!
--BO
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users