[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Adding a new entry vs. adding a new attribute
I have two questions:
1)
I have a DIT tree structured as:
|__ dc=mycompany
|_____ ou=engineering, dc=mycomapny
|____________uid=joe, ou=engineering, dc=mycompany
|____________uid=jill, ou=engineering, dc=mycompany
I also have a group "cn=manager,dc=mycompany" with member as
"uid=joe,ou=engineering,dc=mycompany"
I set up my ACL as
access to dn="ou=engineering,dc=mycompany"
attrs=children
by group="cn=manager,dc=mycompany" write
by * none
Now I can add a NEW entry "uid=tom, ou=engineering, dc=mycompany" using
ldapadd by binding as uid=joe....,
but I cannot add a NEW attribute "userpassword" to the existing entry of
"uid=jill....".
Why?
I thought by specifying "attrs=children", you get complete access to the
subtree under the specified DN. Apparently, I can only add new, but not
modify existing.
However, if I modify the ACL atts line to
attrs=children,userpassword
then I can both add and modify.
I would think it not efficient to explicitly specify each attributes I need
to change, especially if new attributes are added in future.
I tried specifying "attrs=children,*", but that did not help.
2)
Will somebody also explain how to use "dnattr" and "attr=entry".
Thanks a lot.
Happy Holidays.
Joe Sabu