Bjorn Oglefjorn wrote:
Here's what I'm starting with: (targetattr = "userPassword" ) (target = "ldap:///dc=example,dc=com";) (version 3.0; acl "Support can change passwords"; allow (all) (groupdn = "ldap:///cn=support,ou=groups,dc=example,dc=com";);) I just can't figure out how to write the exception.
You can add a separate deny aci - deny takes precedence over allow.
--BOOn 3/30/07, * Bjorn Oglefjorn* <sys.mailing@xxxxxxxxx <mailto:sys.mailing@xxxxxxxxx>> wrote:Or maybe it's not so complicated and I don't know how. ;) This is what I'm trying to accomplish: Users who are a member of the group 'cn=support' can perform ALL operations on 'userPassword', except on targets which are a member of group 'cn=admins' or'cn=bosses'.Is this possible? I can't figure out how. Thanks in advance! --BO ------------------------------------------------------------------------ -- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
-- Fedora-directory-users mailing list Fedora-directory-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-directory-users
