I need some help with ACLs in openldap 2.1.22
My directory tree looks like this.
dc=localsurface,dc=com
|
+-- ou=domain.org
|   |
|   +-- user@domain.org
|
+-- ou=domain.com
    |
    +-- user@domain.com
As is, users can search the entire tree across domains. I'd like to restrict
each user to his own domain. I see how to restrict each user to his own
entries, but not his domain. The purpose is to have authentication for
Courier-imap and also an address book. My ACLs in slapd.conf look like this:
# prevents users from looking at passwords
access to attrs=clearPassword,userPassword
        by anonymous auth
        by self write
        by dn="cn=admin,dc=localsurface,dc=com" write
        by * none
# filters need access to this
access to attr=accountStatus
        by dn="cn=admin,dc=localsurface,dc=com" read
access to *
        by dn="cn=admin,dc=localsurface,dc=com" write
        by self write
        by users read
        by * read
Thanks,
Craig Jackson
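One way to get the per-domain restriction asked for above, written here as an added example rather than taken from the original post: match the target entry with a `dn.regex` that captures the ou, and expand that capture with `$1` into the `by dn.regex` clause so only binds from the same ou get read access. It assumes the suffix and admin DN from the post and that the 2.1 series honours `$<n>` submatch expansion in `by dn.regex` as described in slapd.access(5).

```conf
# Added example for slapd.conf: users see only entries in their own ou.
# Password attributes: unchanged from the posted configuration.
access to attrs=clearPassword,userPassword
        by anonymous auth
        by self write
        by dn="cn=admin,dc=localsurface,dc=com" write
        by * none

# Filter attribute: unchanged from the posted configuration
# (no other "by" clause matches, so everyone else gets none).
access to attr=accountStatus
        by dn="cn=admin,dc=localsurface,dc=com" read
        by * none

# Entries under any ou=<domain>: $1 is the domain captured from the
# target DN, so a bind DN under the same ou gets read, anyone else none.
# "by" clauses are tried in order; the first match wins.
access to dn.regex="^.*,ou=([^,]+),dc=localsurface,dc=com$"
        by dn="cn=admin,dc=localsurface,dc=com" write
        by self write
        by dn.regex="^.*,ou=$1,dc=localsurface,dc=com$" read
        by * none

# Everything left (the suffix entry and the ou entries themselves):
# authenticated users may read them so a search based at the suffix
# or at their own ou still works; anonymous gets nothing.
access to *
        by dn="cn=admin,dc=localsurface,dc=com" write
        by users read
        by * none
```

A user from ou=domain.org searching the whole tree then gets back only the domain.org entries; the domain.com subtree is silently filtered out because no `by` clause grants that bind DN read on it.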
___________________
Nolug mailing list
nolug@nolug.org
This archive was generated by hypermail 2.2.0 : 12/19/08 EST