I can't seem to figure this out. I have a group of users in the group cn=noc,ou=groups,dc=company,dc=com. They should be able to move lists between ou=internalLists,ou=mail,ou=service,dc=company,dc=com and ou=externalLists,ou=mail,ou=service,dc=company,dc=com.
The DN of the list is:
cn=mylist,ou=internalLists,ou=mail,ou=service,dc=company,dc=com
Here is the ACL I have set for the subtree ou=mail,ou=service,dc=company,dc=com:
access to dn.subtree="ou=externalLists,ou=mail,ou=service,dc=company,dc=com"
    by group/groupOfUniqueNames/uniqueMember="cn=noc,ou=Groups,dc=company,dc=com" write
    by * break
access to dn.subtree="ou=internalLists,ou=mail,ou=service,dc=company,dc=com"
    by group/groupOfUniqueNames/uniqueMember="cn=noc,ou=Groups,dc=company,dc=com" write
    by * break
access to dn.subtree="ou=mail,ou=service,dc=company,dc=com"
    by group/groupOfUniqueNames/uniqueMember="cn=ops,ou=Groups,dc=company,dc=com" write
    by * read
The above ACLs work, but they also grant the "noc" group permission to move the other lists. I want it restricted to just one list (cn=mylist). So I tried the following:
access to dn.subtree="ou=externalLists,ou=mail,ou=service,dc=company,dc=com"
    filter="(cn=mylist)"
    by group/groupOfUniqueNames/uniqueMember="cn=noc,ou=Groups,dc=company,dc=com" write
    by * break
access to dn.subtree="ou=internalLists,ou=mail,ou=service,dc=company,dc=com"
    filter="(cn=mylist)"
    by group/groupOfUniqueNames/uniqueMember="cn=noc,ou=Groups,dc=company,dc=com" write
    by * break
access to dn.subtree="ou=mail,ou=service,dc=company,dc=com"
    by group/groupOfUniqueNames/uniqueMember="cn=ops,ou=Groups,dc=company,dc=com" write
    by * read
This gives me an "insufficient access" error. What am I doing wrong?
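Editor's added example (not part of the original post, and not the poster's configuration): an ACL set that grants the move for cn=mylist only. It is built on the access requirements documented in slapd.access(5): a modrdn needs write access to the entry pseudo-attribute of the entry being renamed, plus write access to the children pseudo-attribute of the old parent and, when newSuperior is given, of the new parent. The filter="(cn=mylist)" rules in the post never match the two ou= parent entries, so the noc group loses write on their children attribute, "by * break" falls through to the catch-all rule, and noc ends up with only read. The group and OU names below are the ones from the post; nothing else is assumed.

```conf
# Added example: restrict the move to cn=mylist. Continuation lines in
# slapd.conf must start with whitespace.

# 1. Both parents: noc may add or remove children under them. This is the
#    part that a filter on cn=mylist can never satisfy, because the parent
#    entries themselves do not match the filter.
access to dn.exact="ou=internalLists,ou=mail,ou=service,dc=company,dc=com"
        attrs=children
    by group/groupOfUniqueNames/uniqueMember="cn=noc,ou=Groups,dc=company,dc=com" write
    by * break

access to dn.exact="ou=externalLists,ou=mail,ou=service,dc=company,dc=com"
        attrs=children
    by group/groupOfUniqueNames/uniqueMember="cn=noc,ou=Groups,dc=company,dc=com" write
    by * break

# 2. The one list, at either of its two possible locations: write on the
#    entry pseudo-attribute is what modrdn checks on the entry itself.
#    Other lists never match these rules, so noc cannot rename or delete
#    them even though it has write on the parents' children attribute.
access to dn.exact="cn=mylist,ou=internalLists,ou=mail,ou=service,dc=company,dc=com"
        attrs=entry
    by group/groupOfUniqueNames/uniqueMember="cn=noc,ou=Groups,dc=company,dc=com" write
    by * break

access to dn.exact="cn=mylist,ou=externalLists,ou=mail,ou=service,dc=company,dc=com"
        attrs=entry
    by group/groupOfUniqueNames/uniqueMember="cn=noc,ou=Groups,dc=company,dc=com" write
    by * break

# 3. The existing catch-all for the subtree stays last, so ops keeps write
#    and everyone else keeps read.
access to dn.subtree="ou=mail,ou=service,dc=company,dc=com"
    by group/groupOfUniqueNames/uniqueMember="cn=ops,ou=Groups,dc=company,dc=com" write
    by * read
```

Two caveats worth checking before relying on this: write on a parent's children attribute is also what the add and delete operations consult, so with the rules above noc can still create an entry named cn=mylist under whichever OU does not currently hold it (add checks entry on the new DN, which rule 2 grants) but cannot delete or rename any other list (those need entry write on the other list's DN, which nothing grants). And since the RDN does not change during the move, no write access to cn is needed; a rename that changes the RDN would additionally require write on the naming attribute. Verify with ldapmodrdn as a noc member against both a cn=mylist move and another list, and confirm the second is refused.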