On 8/23/19 11:34 AM, Mark Reynolds wrote:
Moving to the correct list (389-users)...
On 8/23/19 9:05 AM, Miljan Žugić wrote:
>
> I apologize in advance if this is the wrong address 😊
>
> I built two 389 DS servers, set up replication, and up till now all
> looks fine.
>
> But I have an issue with ACIs. Where can I find a good forum or site
> to get some real examples of ACIs?
>
> Or if you can help me… I want something like this: to let “anonymous”
> do read, search and compare for levels B and D, but deny A and
> E (actually I have a problem with level E: I can deny anyone access to
> level E or deeper, but I need some specific accounts to access level
> E or deeper, so… I'm stuck on how to do that):
>
First you should really read the access control docs:
https://access.redhat.com/documentation/en-us/red_hat_directory_server/10...

In order to do what you want you need two kinds of aci, allow and deny.
You need deny rules because when you set an aci on a subtree it applies
to all its children. So as you noted you can deny level E, but it
denies everyone even if they previously had access. So you need to add
new aci's on level E that open up access to the users/groups you want to
have access. So you might end up with "duplicate" aci's at different
levels in your tree.

So on level B you have your anonymous access aci's - this will apply to
all lower branches. Level E must have a deny "anonymous/anyone"
rule, and then you add new aci's to level E that open it back up for
those you want to have access.

HTH,
Mark
> Anyhow, BR 😃
>
> *Miljan Žugić*
--
389 Directory Server Development Team
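
A sketch of the layered ACIs discussed in this thread, as an added example that is not from either poster or the 389 DS project. The suffix dc=example,dc=com, the ou=B and ou=E entries and the cn=e-readers group are assumptions; the exception is written into the deny's bind rule because in Directory Server a matching deny overrides any allow.

```ldif
# Constructed layout (assumption): ou=B sits under the suffix and
# ou=E sits under ou=B. Apply with ldapmodify as Directory Manager.

# Level B: anonymous read/search/compare. An ACI set here is inherited
# by every entry below ou=B, including ou=E.
dn: ou=B,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr = "*")(version 3.0; acl "B: anonymous read"; allow (read, search, compare) userdn = "ldap:///anyone";)

# Level E: two ACIs on the same entry.
#  1. Deny everyone who is NOT a member of the reader group. Anonymous
#     binds are not members, so the access inherited from ou=B is cut
#     off here and for everything deeper.
#  2. Explicit allow for the reader group, so access at this level does
#     not depend on the ACI at ou=B staying in place.
dn: ou=E,ou=B,dc=example,dc=com
changetype: modify
add: aci
aci: (targetattr = "*")(version 3.0; acl "E: deny all except e-readers"; deny (all) groupdn != "ldap:///cn=e-readers,ou=Groups,dc=example,dc=com";)
aci: (targetattr = "*")(version 3.0; acl "E: e-readers read"; allow (read, search, compare) groupdn = "ldap:///cn=e-readers,ou=Groups,dc=example,dc=com";)

# The specific accounts that need level E are added to the group,
# so the ACIs themselves never list individual users.
# uid=svc-report is a constructed account name.
dn: cn=e-readers,ou=Groups,dc=example,dc=com
changetype: modify
add: member
member: uid=svc-report,ou=People,dc=example,dc=com
```

To check the result, run the same search against ou=E once anonymously and once bound as a group member; only the second should return entries.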