I can't quite understand this. I have several users in a group, cn=noc,ou=groups,dc=company,dc=com, who should be able to move a list from ou=internalLists,ou=mail,ou=service,dc=company,dc=com to ou=externalLists,ou=mail,ou=service,dc=company,dc=com.
The DN of this list is:
cn=mylist,ou=internalLists,ou=mail,ou=service,dc=company,dc=com
These are the ACLs I have for the ou=mail,ou=service,dc=company,dc=com subtree:
access to dn.subtree="ou=externalLists,ou=mail,ou=service,dc=company,dc=com"
    by group/groupOfUniqueNames/uniqueMember="cn=noc,ou=Groups,dc=company,dc=com" write
    by * break
access to dn.subtree="ou=internalLists,ou=mail,ou=service,dc=company,dc=com"
    by group/groupOfUniqueNames/uniqueMember="cn=noc,ou=Groups,dc=company,dc=com" write
    by * break
access to dn.subtree="ou=mail,ou=service,dc=company,dc=com"
    by group/groupOfUniqueNames/uniqueMember="cn=ops,ou=Groups,dc=company,dc=com" write
    by * read
The ACLs above work, but they also give the 'noc' group access to move other lists. I only want to restrict this to a single list (cn=mylist). So I tried the following:
access to dn.subtree="ou=externalLists,ou=mail,ou=service,dc=company,dc=com"
    filter="(cn=mylist)"
    by group/groupOfUniqueNames/uniqueMember="cn=noc,ou=Groups,dc=company,dc=com" write
    by * break
access to dn.subtree="ou=internalLists,ou=mail,ou=service,dc=company,dc=com"
    filter="(cn=mylist)"
    by group/groupOfUniqueNames/uniqueMember="cn=noc,ou=Groups,dc=company,dc=com" write
    by * break
access to dn.subtree="ou=mail,ou=service,dc=company,dc=com"
    by group/groupOfUniqueNames/uniqueMember="cn=ops,ou=Groups,dc=company,dc=com" write
    by * read
This gives me the error 'Insufficient access'. What am I doing wrong?