
Adding a new entry vs. adding a new attribute



I have two questions:

1)

I have a DIT tree structured as:

|__ dc=mycompany
|_____ ou=engineering, dc=mycompany
|____________uid=joe, ou=engineering, dc=mycompany
|____________uid=jill, ou=engineering, dc=mycompany

I also have a group "cn=manager,dc=mycompany" with member as
"uid=joe,ou=engineering,dc=mycompany"

I set up my ACL as

access to dn="ou=engineering,dc=mycompany"
    attrs=children
    by group="cn=manager,dc=mycompany" write
    by * none

Now I can add a NEW entry  "uid=tom, ou=engineering, dc=mycompany" using
ldapadd by binding as uid=joe....,
but I cannot add a NEW attribute "userpassword" to the existing entry of
"uid=jill....".

Why?

I thought by specifying "attrs=children", you get complete access to the
subtree under the specified DN. Apparently, I can only add new, but not
modify existing.

However, if I modify the ACL attrs line to
  attrs=children,userpassword

then I can both add and modify.

I would think it is not efficient to explicitly specify each attribute I need
to change, especially if new attributes are added in the future.
I tried specifying "attrs=children,*", but that did not help.


2)

Will somebody also explain how to use "dnattr" and "attr=entry"?

Thanks a lot.

Happy Holidays.

Joe Sabu