Hie<span dir="ltr"></span><br><br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0pt 0pt 0pt 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div style="word-wrap:break-word">
Hello,
<div><br>
</div>
<div>can someone help me please about that?</div>
<div><br>
</div>
<div>Thanks<br>
<div><br>
<hr style="font-family:Times">
<span style="font-family:Times">
<pre>Hello All,
I would like to profile ACLs in order to let some users manage their own OU via Console.
Example:
-OUone | USERone, USERtwo, USERthree
-OUtwo | USERfour, USERfive
-OUthree | USERsix, USERseven, USEReight
In every OU I have many users, but I would like to give console access to one user x OU and let them manage their own OU without list and manage the other OUs.
USERone can add or remove users ONLY for OUone
USERfour can add or remove users ONLY for OUtwo
USERsix can add or remove users ONLY for OUthree
Thanks!!
Andrea</pre>
</span>
<div><br></div></div></div></div></blockquote><div><br>Below acl's will help you to achieve the same.<br><br>aci: (targetattr = "*") (target = "ldap:///ou=ouone,dc=example,dc=com") (versi<br> on 3.0;acl "user_one";allow (all,proxy)(userdn = "ldap:///uid=userone,ou=Peo<br>
ple,dc=example,dc=com");)<br>aci: (targetattr = "*") (target = "ldap:///ou=outwo,dc=example,dc=com") (versi<br> on 3.0;acl "user_four";allow (all)(userdn = "ldap:///uid=userfour,ou=People,<br>
dc=example,dc=com");)<br>aci: (targetattr = "*") (target = "ldap:///ou=outhree,dc=example,dc=com") (ver<br> sion 3.0;acl "user_six";allow (all)(userdn = "ldap:///uid=usersix,ou=People,<br>
dc=example,dc=com");)<br><br>It says uid=userone,ou=People,dc=example,dc=com can write in ou=ouone,dc=example,dc=com<br>& uid=userfour,ou=People,dc=example,dc=com can write in ou=outwo,dc=example,dc=com<br>& uid=usersix,ou=People,dc=example,dc=com can write in ou=outhree,dc=example,dc=com<br>
<br>Example <br># entry-id: 19<br>dn: uid=utest,ou=ouone,dc=example,dc=com<br>uid: utest<br>givenName: user<br>objectClass: top<br>objectClass: person<br>objectClass: organizationalPerson<br>objectClass: inetorgperson<br>
sn: test<br>cn: user test<br>userPassword: {MD5}4nmK8Sp6D09wtNae+8JfTQ==<br>creatorsName: uid=userone,ou=people,dc=example,dc=com <---------- created as per ACI<br>modifiersName: uid=userone,ou=people,dc=example,dc=com<br>
createTimestamp: 20120227201512Z<br>modifyTimestamp: 20120227201512Z<br>nsUniqueId: ad0ee181-617f11e1-bd04f4a7-338b5e96<br><br><br>Regards<br>Arpit Tolani<br>
</div></div>