![OpenLDAP ACL administrator group rights](https://rvso.com/image/617804/Rechte%20der%20OpenLdap%20ACL-Administratorgruppe.png)
Hello, I have tried in vain to set up an ACL at administrator and operator level. So far I have:
```
access to attrs=userPassword,shadowLastChange
    by self write
    by anonymous auth
    by set="[cn=Administrators,ou=group,dc=company,dc=com]/member* & user" manage
    by set="[cn=Domain Admins,ou=groups,dc=company,dc=com]/memberUid* & user" manage
    by set="[cn=Operators,ou=groups,dc=company,dc=com]/member* & user" read
    by * none

access to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword,displayName,description,givenName
    by anonymous auth
    by self =rwdx
    by set="[cn=Administrators,ou=group,dc=company,dc=com]/member* & user" manage
    by set="[cn=Domain Admins,ou=groups,dc=company,dc=com]/memberUid* & user" manage
    by set="[cn=Operators,ou=groups,dc=company,dc=com]/member* & user" read

access to dn.subtree="dc=company,dc=com"
    by self =rwdx
    by set="[cn=Administrators,ou=groups,dc=company,dc=com]/member* & user" manage
    by set="[cn=Domain Admins,ou=groups,dc=company,dc=com]/memberUid* & user" manage
    by set="[cn=Operators,ou=groups,dc=company,dc=com]/member* & user" read
    by * break
```
I need to give Administrators and Domain Admins full access and Operators read access. With the settings above, even Administrators get read access.

Any ideas? Thanks
Answer 1
I changed my configuration as follows and it seems to work now:
```
access to attrs=userPassword,sambaNTPassword,shadowLastChange
    by anonymous auth
    by self write
    by group.exact="cn=Administrators,ou=groups,dc=company,dc=com" manage
    by group.exact="cn=Operators,ou=groups,dc=company,dc=com" read

access to *
    by self write
    by dn.exact="uid=austek,ou=Technical,ou=people,dc=company,dc=com" manage
    by group.exact="cn=Administrators,ou=groups,dc=company,dc=com" manage
    by group.exact="cn=Operators,ou=groups,dc=company,dc=com" read
    by * break
```
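
The evaluation order that the configuration in the answer relies on, as an added example that is not part of the original answer or of OpenLDAP: a simplified Python model of how slapd takes the first matching `access to` directive and the first matching `by` clause. The group members (`alice`, `oscar`) and the helper names are hypothetical, and DN matching is plain string comparison rather than slapd's normalized matching.

```python
# Simplified model of slapd ACL evaluation; added example, not OpenLDAP code.
BASE = "dc=company,dc=com"
ADMINS = "cn=Administrators,ou=groups," + BASE
OPERATORS = "cn=Operators,ou=groups," + BASE
# Constructed group membership (assumption, not from the page).
GROUPS = {ADMINS: {"uid=alice,ou=people," + BASE},
          OPERATORS: {"uid=oscar,ou=people," + BASE}}

# The answer's two directives: (attrs, or None for "*", [(who, level, control)]).
ACLS = [
    ({"userPassword", "sambaNTPassword", "shadowLastChange"}, [
        ("anonymous", "auth", "stop"),
        ("self", "write", "stop"),
        ("group:" + ADMINS, "manage", "stop"),
        ("group:" + OPERATORS, "read", "stop"),
    ]),
    (None, [
        ("self", "write", "stop"),
        ("dn:uid=austek,ou=Technical,ou=people," + BASE, "manage", "stop"),
        ("group:" + ADMINS, "manage", "stop"),
        ("group:" + OPERATORS, "read", "stop"),
        ("*", None, "break"),
    ]),
]

def who_matches(who, bind_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous" or bind_dn is None:
        return who == "anonymous" and bind_dn is None
    if who == "self":
        return bind_dn == entry_dn
    kind, _, dn = who.partition(":")
    return bind_dn == dn if kind == "dn" else bind_dn in GROUPS.get(dn, set())

def granted(bind_dn, entry_dn, attr):
    """Access level for bind_dn (None = anonymous) on one attribute of entry_dn."""
    for attrs, clauses in ACLS:
        if attrs is not None and attr not in attrs:
            continue              # <what> does not match: try the next directive
        for who, level, control in clauses:
            if who_matches(who, bind_dn, entry_dn):
                if control == "break":
                    break         # keep evaluating later directives
                return level      # default control is "stop"
        else:
            return "none"         # implicit "by * none" closes each directive
    return "none"                 # implicit final "access to * by * none"
```

In this model members of Operators receive `read` on `userPassword` and `sambaNTPassword`, and `uid=austek` receives `none` on those attributes because the first directive has no clause for that DN and does not end in `by * break`. The `slapacl` tool shipped with OpenLDAP can confirm the effective access against the real configuration.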