[Fedora-directory-users] ACI trouble: binding as a UID in an "hidden" branch
Sascha Wilde
wilde at intevation.de
Wed Jun 6 14:36:59 UTC 2007
Hi *,
I'm having a directory with an basedn:
dc=foo, dc=bar
containing an "sub directory" named "internal":
cn=internal, dc=foo, dc=bar
Now I want to hide "internal" and its children from most users, with
exception of the members of some administrative groups, so I added an
ACI to "internal" like this:
(targetattr = "*") (version 3.0;acl "hide internal";
deny (read,write,delete,add)
(groupdn != "ldap:///cn=admin,cn=internal,dc=foo,dc=bar" and
groupdn != "ldap:///cn=configuration administrators,ou=groups,
ou=topologymanagement,o=netscaperoot");)
Now I have a user cn=manager,cn=internal,dc=foo,dc=bar who is member
of the group cn=admin,cn=internal,dc=foo,dc=bar and should be allowed
to access "internal" and its children.
But this doesn't work: I can't even bind as
cn=manager,cn=internal,dc=foo,dc=bar I suppose because the user is an
child of "internal", and so anonymous isn't allowed to access the
object for authentication.
How can I achieve that it is possible to bind as a user in the hidden
sub directory without making it world readable?
cheers
sascha
--
Sascha Wilde OpenPGP key: 4BB86568
Intevation GmbH, Osnabrück http://www.intevation.de/~wilde/
Amtsgericht Osnabrück, HR B 18998 http://www.intevation.de/
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/fedora-directory-users/attachments/20070606/d09c9eb6/attachment.sig>
More information about the Fedora-directory-users
mailing list