
Re: Access rights/adding new people



On Wed, 13 Sep 2000, Janni Fikouras wrote:

>   I am currently developing a contact/personnel management software based on
> LDAP and I have run across the following problem.

...

> defaultaccess   read
> access to * by self write
> access to attribute=userPassword
>         by dn="uid=root,o=BIBA,c=DE" write
>         by self write
>         by dn="^$" none
>         by * none
> access to * by dn="uid=root,o=BIBA,c=DE" write
> access to dn=".*,ou=PPC,o=BIBA,c=DE"
>         by dnattr=ou write
> access to dn=".*,ou=.*,o=BIBA,c=DE"
>         by dnattr=manager write
> access to dn=".*,ou=Roaming,o=BIBA,c=DE"
>         by dnattr=owner write
> 
>   My problem is that this config does not allow users to add *new* entries
> i.e. a secretary adding a new contact.

To do this you must have write access to the 'container'. For example:

access to dn="ou=.*,o=BIBA,c=DE"
	by dnattr=manager write

So the manager can add/remove entries to their own organizational unit.

Hugo.

PS: I could be wrong here but this is how it's done with NDS as I recall
from the time I took my CNE4 exam. (Some while ago ;-)

-- 
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ  Maasland
hvdkooij@caiw.nl	http://home.kabelfoon.nl/~hvdkooij/
--------------------------------------------------------------
Quoting this tagline is illegal! (http://www.dtcc.edu/cs/rfc1855.html)
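
Added example, not part of the original message and not OpenLDAP code: a simplified Python model of the point made in the reply, that adding an entry needs write access to its container. The directory contents, the user uid=anna and the helper names are constructed; rule matching is modelled as an unanchored, case-insensitive regex search in which the first matching rule decides.

```python
import re

# Constructed sample directory: DN -> attributes whose values are DNs.
DIRECTORY = {
    "ou=PPC,o=BIBA,c=DE": {"manager": ["uid=anna,ou=PPC,o=BIBA,c=DE"]},
    "uid=anna,ou=PPC,o=BIBA,c=DE": {"manager": ["uid=anna,ou=PPC,o=BIBA,c=DE"]},
}

# Each rule: (regex from an "access to dn=..." line, attribute named by dnattr=).
ORIGINAL_RULES = [(r".*,ou=.*,o=BIBA,c=DE", "manager")]
# The rule suggested in the reply, placed ahead of the original one.
WITH_CONTAINER_RULE = [(r"ou=.*,o=BIBA,c=DE", "manager")] + ORIGINAL_RULES


def has_write(requester, target_dn, rules, directory=DIRECTORY):
    """Return True if the first rule matching target_dn grants write.

    dnattr semantics: the requester must be listed in the named
    attribute of the entry being accessed.
    """
    for pattern, attr in rules:
        if re.search(pattern, target_dn, re.IGNORECASE):
            values = directory.get(target_dn, {}).get(attr, [])
            return requester.lower() in (v.lower() for v in values)
    return False  # no rule matched: this model grants no write access


def parent_dn(dn):
    """Container of an entry: everything after the first RDN.

    Escaped commas inside an RDN are not handled in this sketch.
    """
    return dn.split(",", 1)[1]


def can_add(requester, new_dn, rules):
    """Model assumption taken from the reply: add needs write on the container."""
    return has_write(requester, parent_dn(new_dn), rules)


if __name__ == "__main__":
    anna = "uid=anna,ou=PPC,o=BIBA,c=DE"
    new_entry = "cn=New Contact,ou=PPC,o=BIBA,c=DE"
    print("original rules:     ", can_add(anna, new_entry, ORIGINAL_RULES))
    print("with container rule:", can_add(anna, new_entry, WITH_CONTAINER_RULE))
```

The original pattern needs a literal ",ou=" in the DN, so it covers entries below an OU but never the OU entry itself. The pattern from the reply is unanchored and therefore also matches entries below the OU; prefixing it with ^ restricts it to the container.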