[Date Prev][Date Next] [Chronological] [Thread] [Top]

Adding a new entry vs. adding a new attribute

To: <openldap-software@OpenLDAP.org>
Subject: Adding a new entry vs. adding a new attribute
From: "Joe Sabu" <Joe.Sabu@dothill.com>
Date: Thu, 9 Dec 1999 18:02:22 -0500

I have two questions:

1)

I have a DIT tree structured as:

|__ dc=mycompany
|_____ ou=engineering, dc=mycomapny
|____________uid=joe, ou=engineering, dc=mycompany
|____________uid=jill, ou=engineering, dc=mycompany

I also have a group "cn=manager,dc=mycompany" with member as
"uid=joe,ou=engineering,dc=mycompany"

I set up my ACL as

access to dn="ou=engineering,dc=mycompany"
    attrs=children
    by group="cn=manager,dc=mycompany" write
    by * none

Now I can add a NEW entry  "uid=tom, ou=engineering, dc=mycompany" using
ldapadd by binding as uid=joe....,
but I cannot add a NEW attribute "userpassword" to the existing entry of
"uid=jill....".

Why?

I thought by specifying "attrs=children", you get complete access to the
subtree under the specified DN. Apparently, I can only add new, but not
modify existing.

However, if I modify the ACL atts line to
  attrs=children,userpassword

then I can both add and modify.

I would think it not efficient to explicitly specify each attributes I need
to change, especially if new attributes are added in future.
I tried specifying "attrs=children,*", but that did not help.


2)

Will somebody also explain how to use "dnattr" and "attr=entry".

Thanks a lot.

Happy Holidays.

Joe Sabu

Follow-Ups:
- Re: Adding a new entry vs. adding a new attribute
  - From: "Kurt D. Zeilenga" <kurt@boolean.net>

Prev by Date: LDAP with outlook 2000
Next by Date: Netscape Messenger
Index(es):
- Chronological
- Thread