![OpenLDAP ACL administration group rights](https://rvso.com/image/617804/Direitos%20do%20grupo%20de%20administra%C3%A7%C3%A3o%20OpenLdap%20ACL.png)
Hello, I have been trying to get administrator- and operator-level ACLs working, without success. So far I have
```
access to attrs=userPassword,shadowLastChange
    by self write
    by anonymous auth
    by set="[cn=Administrators,ou=group,dc=company,dc=com]/member* & user" manage
    by set="[cn=Domain Admins,ou=groups,dc=company,dc=com]/memberUid* & user" manage
    by set="[cn=Operators,ou=groups,dc=company,dc=com]/member* & user" read
    by * none
access to attrs=userPassword,shadowLastChange,sambaLMPassword,sambaNTPassword,displayName,description,givenName
    by anonymous auth
    by self =rwdx
    by set="[cn=Administrators,ou=group,dc=company,dc=com]/member* & user" manage
    by set="[cn=Domain Admins,ou=groups,dc=company,dc=com]/memberUid* & user" manage
    by set="[cn=Operators,ou=groups,dc=company,dc=com]/member* & user" read
access to dn.subtree="dc=company,dc=com"
    by self =rwdx
    by set="[cn=Administrators,ou=groups,dc=company,dc=com]/member* & user" manage
    by set="[cn=Domain Admins,ou=groups,dc=company,dc=com]/memberUid* & user" manage
    by set="[cn=Operators,ou=groups,dc=company,dc=com]/member* & user" read
    by * break
```
I need to grant the Administrators and Domain Admins full rights, and read access to the Operators. With the settings above, even the administrators have read access.
Any ideas? Thanks
Answer 1
I changed my configuration to the following and it seems to be working for now
```
access to attrs=userPassword,sambaNTPassword,shadowLastChange
    by anonymous auth
    by self write
    by group.exact="cn=Administrators,ou=groups,dc=company,dc=com" manage
    by group.exact="cn=Operators,ou=groups,dc=company,dc=com" read
access to *
    by self write
    by dn.exact="uid=austek,ou=Technical,ou=people,dc=company,dc=com" manage
    by group.exact="cn=Administrators,ou=groups,dc=company,dc=com" manage
    by group.exact="cn=Operators,ou=groups,dc=company,dc=com" read
    by * break
```
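
The following is an added example, not part of the original answer and not OpenLDAP code: a simplified Python model of slapd's first-match ACL evaluation, applied to the configuration in the answer, so the effective access of each kind of client can be checked. The users `alice`, `bob` and `carol` and the group memberships are constructed, and only the `by` forms used in the answer (`anonymous`, `self`, `dn.exact`, `group.exact`, `* break`) are modelled.

```python
# Simplified model of slapd's first-match ACL evaluation (added example).
BASE = "dc=company,dc=com"
ADMINS = f"cn=Administrators,ou=groups,{BASE}"
OPERATORS = f"cn=Operators,ou=groups,{BASE}"
AUSTEK = f"uid=austek,ou=Technical,ou=people,{BASE}"
# The answer's ACL: (attribute set, or None for "*", then ordered "by" clauses).
ACL = [
    ({"userpassword", "sambantpassword", "shadowlastchange"}, [
        ("anonymous", "auth"),
        ("self", "write"),
        (("group", ADMINS), "manage"),
        (("group", OPERATORS), "read"),
    ]),
    (None, [
        ("self", "write"),
        (("dn", AUSTEK), "manage"),
        (("group", ADMINS), "manage"),
        (("group", OPERATORS), "read"),
        ("*", "break"),
    ]),
]
# Constructed group membership (hypothetical users, not from the page).
GROUPS = {
    ADMINS: {f"uid=alice,ou=people,{BASE}"},
    OPERATORS: {f"uid=bob,ou=people,{BASE}"},
}

def who_matches(who, bind_dn, target_dn):
    # bind_dn is None for an anonymous (unauthenticated) client.
    if who == "*":
        return True
    if who == "anonymous" or bind_dn is None:
        return who == "anonymous" and bind_dn is None
    if who == "self":
        return bind_dn == target_dn
    kind, value = who
    return bind_dn == value if kind == "dn" else bind_dn in GROUPS.get(value, ())

def effective_access(bind_dn, target_dn, attr):
    for attrs, clauses in ACL:
        if attrs is not None and attr.lower() not in attrs:
            continue                      # <what> does not match, try next directive
        for who, level in clauses:
            if who_matches(who, bind_dn, target_dn):
                if level == "break":
                    break                 # "by * break": continue with next directive
                return level              # default control is "stop": first match wins
        else:
            return "none"                 # implicit "by * none" closes the directive
    return "none"                         # implicit final "access to * by * none"
```

Two consequences of the ordering are worth checking against a live server with `slapacl`: `by self write` precedes the group clauses, so an administrator gets `write` rather than `manage` on their own entry, and members of Operators can read the `userPassword` and `sambaNTPassword` values of every entry.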