[389-users] ACL Console

Arpit Tolani arpittolani at gmail.com
Mon Feb 27 12:25:43 UTC 2012


Hi,

> Hello,
>
>  Can someone please help me with that?
>
>  Thanks
>
> ------------------------------
>
> Hello All,
>
> I would like to profile ACLs in order to let some users manage their own OU via Console.
> Example:
> -OUone | USERone, USERtwo, USERthree
> -OUtwo | USERfour, USERfive
> -OUthree | USERsix, USERseven, USEReight
>
> In every OU I have many users, but I would like to give console access to one user per OU and let them manage their own OU without listing or managing the other OUs.
>
> USERone can add or remove users ONLY for OUone
> USERfour can add or remove users ONLY for OUtwo
> USERsix can add or remove users ONLY for OUthree
>
> Thanks!!
>
> Andrea
>
>
>
The ACLs below will help you achieve the same.

aci: (targetattr = "*") (target = "ldap:///ou=ouone,dc=example,dc=com")(version 3.0;acl "user_one";allow (all,proxy)(userdn = "ldap:///uid=userone,ou=People,dc=example,dc=com");)
aci: (targetattr = "*") (target = "ldap:///ou=outwo,dc=example,dc=com")(version 3.0;acl "user_four";allow (all)(userdn = "ldap:///uid=userfour,ou=People,dc=example,dc=com");)
aci: (targetattr = "*") (target = "ldap:///ou=outhree,dc=example,dc=com")(version 3.0;acl "user_six";allow (all)(userdn = "ldap:///uid=usersix,ou=People,dc=example,dc=com");)

It says uid=userone,ou=People,dc=example,dc=com can write in
ou=ouone,dc=example,dc=com
& uid=userfour,ou=People,dc=example,dc=com can write in
ou=outwo,dc=example,dc=com
& uid=usersix,ou=People,dc=example,dc=com can write in
ou=outhree,dc=example,dc=com

Example:
# entry-id: 19
dn: uid=utest,ou=ouone,dc=example,dc=com
uid: utest
givenName: user
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetorgperson
sn: test
cn: user test
userPassword: {MD5}4nmK8Sp6D09wtNae+8JfTQ==
creatorsName: uid=userone,ou=people,dc=example,dc=com <---------- created as per ACI
modifiersName: uid=userone,ou=people,dc=example,dc=com
createTimestamp: 20120227201512Z
modifyTimestamp: 20120227201512Z
nsUniqueId: ad0ee181-617f11e1-bd04f4a7-338b5e96


Regards
Arpit Tolani
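An added example, not code from the post or from 389 DS: a small Python evaluator for the three ACIs above that parses them and reports which rights each delegated bind DN holds on a given entry, so you can check that userone is confined to ou=ouone (and see that only the user_one rule also carries proxy). It assumes allow-only rules and no other ACIs on the suffix.

```python
import re

# The three ACIs from the post, each joined back onto one line (same text as posted).
ACI_TEXT = [
    '(targetattr = "*") (target = "ldap:///ou=ouone,dc=example,dc=com")(version 3.0;acl "user_one";'
    'allow (all,proxy)(userdn = "ldap:///uid=userone,ou=People,dc=example,dc=com");)',
    '(targetattr = "*") (target = "ldap:///ou=outwo,dc=example,dc=com")(version 3.0;acl "user_four";'
    'allow (all)(userdn = "ldap:///uid=userfour,ou=People,dc=example,dc=com");)',
    '(targetattr = "*") (target = "ldap:///ou=outhree,dc=example,dc=com")(version 3.0;acl "user_six";'
    'allow (all)(userdn = "ldap:///uid=usersix,ou=People,dc=example,dc=com");)',
]

# Handles only the simple shape used above: one target, one allow clause, one userdn bind rule.
ACI_RE = re.compile(
    r'\(targetattr\s*=\s*"(?P<attrs>[^"]*)"\)\s*\(target\s*=\s*"ldap:///(?P<target>[^"]*)"\)\s*'
    r'\(version\s+3\.0;\s*acl\s+"(?P<name>[^"]*)";\s*allow\s*\((?P<rights>[^)]*)\)\s*'
    r'\(userdn\s*=\s*"ldap:///(?P<userdn>[^"]*)"\);\s*\)', re.IGNORECASE)

def norm_dn(dn):
    """Lower-case and strip whitespace so ou=People and ou=people compare equal."""
    return ",".join(p.strip().lower() for p in dn.split(","))

def parse_aci(text):
    """Return {'name', 'target', 'attrs', 'rights', 'userdn'} for one ACI string."""
    m = ACI_RE.fullmatch(text.strip())
    if m is None:
        raise ValueError("unsupported ACI syntax: " + text)
    return {
        "name": m["name"],
        "target": norm_dn(m["target"]),                          # subtree the rule covers
        "attrs": {a.strip() for a in m["attrs"].split("||")},     # "*" = every user attribute
        "rights": {r.strip().lower() for r in m["rights"].split(",")},
        "userdn": norm_dn(m["userdn"]),                          # bind DN being granted rights
    }

def in_subtree(entry_dn, subtree_dn):
    """True if entry_dn is subtree_dn itself or lies below it."""
    e, s = norm_dn(entry_dn), norm_dn(subtree_dn)
    return e == s or e.endswith("," + s)

def granted_rights(acis, bind_dn, entry_dn):
    """Union of rights bind_dn holds on entry_dn (assumption: allow-only rules, no deny ACIs).
    In 389 DS 'all' covers read/search/compare/write/selfwrite/delete/add but not proxy."""
    bind = norm_dn(bind_dn)
    rights = set()
    for aci in acis:
        if aci["userdn"] == bind and in_subtree(entry_dn, aci["target"]):
            rights |= aci["rights"]
    return rights

ACIS = [parse_aci(t) for t in ACI_TEXT]
```

Run granted_rights(ACIS, "uid=userone,ou=People,dc=example,dc=com", "uid=utest,ou=outwo,dc=example,dc=com") and you get an empty set, which is the confinement the original question asked for.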