[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL help

To: openldap-software@OpenLDAP.org
Subject: ACL help
From: Jason Bodnar <jbodnar@tivoli.com>
Date: Wed, 26 Apr 2000 12:02:59 -0500 (CDT)
Organization: Tivoli Systems

Currently, we have the following acls:

defaultaccess   read

access          to attr=userpassword
                by self write
                by * none

access          to attr=manager,serial,title,isManager,actingUid,email
                by self write
                by dnattr=manager write
                by group="cn=OrgChart Admins,ou=web,ou=groups,o=Tivoli Systems" 
                   write

But this keeps people in the OrgChart Admins group from being able to create
new entries. Is it possible to set up an acl that will allow a group to add new
entries but only modify certain attributes of an entry that already exists?

-- 
Jason Bodnar + jbodnar@tivoli.com + Tivoli Systems

Homer:  All right, Herb.  I'll lend you the 2,000 bucks.  But you have
        to forgive me and treat me like a brother.

Herb:   Nope.

Homer:  All right, then, just give me the drinking bird.

                   Brother Can You Spare Two Dimes?

Follow-Ups:
- RE: ACL help
  - From: "Howard Chu" <hyc@highlandsun.com>

Prev by Date: problems with purging(?) LDAP database
Next by Date: Re: problems with purging(?) LDAP database
Index(es):
- Chronological
- Thread