Novell LINUX ENTERPRISE 11 - SUBSCRIPTION MANAGEMENT TOOL GUIDE 10-02-2009 Manual page 122

The following example includes creating effective ACLs and a user setup as outlined
above. Modify both the ACLs and the user configuration to match your own setup:
1 Create ACLs similar to the following and make sure you replace the example
2 For each location, create a location user. For example, create a user for each
3 Now the --user option can be set to the following in all posAdmin commands
114 SUSE Linux Enterprise Point of Service Guide
entries by the ones matching your setup. Ensure the more general rules are
specified after the more specific ones. The first matching rule is evaluated and
the following rules are ignored:
access to dn.base="" by * read
access to * attrs=userPassword
by anonymous auth
by self write
access to dn.regex="^.*(cn=.*,ou=.*,o=mycorp,c=us)$"
by dn.regex="^.*,$1$" write
by users read
access to *
by self write
by users read
Allow read access to the Root-DSE.
Allow unauthenticated clients to use the userPassword attribute for
authentication. Authenticated clients (users) are allowed to change their
own password.
Allow access to any DN matching the regular expression. Using the $, you
limit the matches to just those strings that contain nothing beyond the last
character. All DNs matching the regular expression are granted write access,
and authenticated users may read the objects, but not write to them.
Allow access to anything. Entries themselves may write to their entries,
authenticated users may read them, but not modify the entries.
branch location. This user is then granted (write) access to all LDAP data con-
cerning his location, but cannot change the data of the other locations.
posAdmin.pl --user cn=admin,o=mycorp,c=us --password secret --base
cn=east,ou=boston,o=mycorp,c=us --add --scPOSUser --cn EastBostonUser
--userPassword "locationPassword"
concerning the cn=east,ou=boston,o=mycorp,c=us location: