Hi *,
I'm having a directory with an basedn:
dc=foo, dc=bar
containing an "sub directory" named "internal":
cn=internal, dc=foo, dc=bar
Now I want to hide "internal" and its children from most users, with
exception of the members of some administrative groups, so I added an
ACI to "internal" like this:
(targetattr = "*") (version 3.0;acl "hide internal";
deny (read,write,delete,add)
(groupdn != "ldap:///cn=admin,cn=internal,dc=foo,dc=bar" and
groupdn != "ldap:///cn=configuration administrators,ou=groups,
ou=topologymanagement,o=netscaperoot");)
Now I have a user cn=manager,cn=internal,dc=foo,dc=bar who is member
of the group cn=admin,cn=internal,dc=foo,dc=bar and should be allowed
to access "internal" and its children.
But this doesn't work: I can't even bind as
cn=manager,cn=internal,dc=foo,dc=bar I suppose because the user is an
child of "internal", and so anonymous isn't allowed to access the
object for authentication.
How can I achieve that it is possible to bind as a user in the hidden
sub directory without making it world readable?
cheers
sascha
--
Sascha Wilde OpenPGP key: 4BB86568
Intevation GmbH, Osnabrück
http://www.intevation.de/~wilde/
Amtsgericht Osnabrück, HR B 18998
http://www.intevation.de/
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner