I can't quite figure this out. I have a set of users in a group, cn=noc,ou=groups,dc=company,dc=com, that should be able to move a list between ou=internalLists,ou=mail,ou=service,dc=company,dc=com and ou=externalLists,ou=mail,ou=service,dc=company,dc=com.
The DN of this list is:
cn=mylist,ou=internalLists,ou=mail,ou=service,dc=company,dc=com
These are the ACLs I have for the ou=mail,ou=service,dc=company,dc=com subtree:
access to dn.subtree="ou=externalLists,ou=mail,ou=service,dc=company,dc=com"
    by group/groupOfUniqueNames/uniqueMember="cn=noc,ou=Groups,dc=company,dc=com" write
    by * break
access to dn.subtree="ou=internalLists,ou=mail,ou=service,dc=company,dc=com"
    by group/groupOfUniqueNames/uniqueMember="cn=noc,ou=Groups,dc=company,dc=com" write
    by * break
access to dn.subtree="ou=mail,ou=service,dc=company,dc=com"
    by group/groupOfUniqueNames/uniqueMember="cn=ops,ou=Groups,dc=company,dc=com" write
    by * read
The ACLs above work, but they also give the 'noc' group access to move other lists as well. I only want to restrict it to a single list (cn=mylist). So I tried the following:
access to dn.subtree="ou=externalLists,ou=mail,ou=service,dc=company,dc=com"
    filter="(cn=mylist)"
    by group/groupOfUniqueNames/uniqueMember="cn=noc,ou=Groups,dc=company,dc=com" write
    by * break
access to dn.subtree="ou=internalLists,ou=mail,ou=service,dc=company,dc=com"
    filter="(cn=mylist)"
    by group/groupOfUniqueNames/uniqueMember="cn=noc,ou=Groups,dc=company,dc=com" write
    by * break
access to dn.subtree="ou=mail,ou=service,dc=company,dc=com"
    by group/groupOfUniqueNames/uniqueMember="cn=ops,ou=Groups,dc=company,dc=com" write
    by * read
This gives me an "insufficient access" error. What am I doing wrong?