Hola, he estado intentando alcanzar el nivel ACL de administrador y operador sin éxito. hasta ahora tengo
access to attrs=userPassword,shadowLastChange
by self write
by anonymous auth
by set="[cn=Administrators,ou=group,dc=company,dc=com]/member* & user" manage
by set="[cn=Domain Admins,ou=groups,dc=company,dc=com]/memberUid* & user" manage
by set="[cn=Operators,ou=groups,dc=company,dc=com]/member* & user" read
by * none
access to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword,displayName,description,givenName
by anonymous auth
by self =rwdx
by set="[cn=Administrators,ou=group,dc=company,dc=com]/member* & user" manage
by set="[cn=Domain Admins,ou=groups,dc=company,dc=com]/memberUid* & user" manage
by set="[cn=Operators,ou=groups,dc=company,dc=com]/member* & user" read
access to dn.subtree="dc=company,dc=com"
by self =rwdx
by set="[cn=Administrators,ou=groups,dc=company,dc=com]/member* & user" manage
by set="[cn=Domain Admins,ou=groups,dc=company,dc=com]/memberUid* & user" manage
by set="[cn=Operators,ou=groups,dc=company,dc=com]/member* & user" read
by * break
Necesito otorgar a los administradores y administradores de dominio todos los derechos y acceso de lectura a los operadores; con la configuración anterior, incluso los administradores obtienen acceso de lectura.
¿Algunas ideas? Gracias
Respuesta1
Cambié mi configuración a siguiente y parece estar funcionando por ahora
access to attrs=userPassword,sambaNTPassword,shadowLastChange
by anonymous auth
by self write
by group.exact="cn=Administrators,ou=groups,dc=company,dc=com" manage
by group.exact="cn=Operators,ou=groups,dc=company,dc=com" read
access to *
by self write
by dn.exact="uid=austek,ou=Technical,ou=people,dc=company,dc=com" manage
by group.exact="cn=Administrators,ou=groups,dc=company,dc=com" manage
by group.exact="cn=Operators,ou=groups,dc=company,dc=com" read
by * break