Re: Access rights/adding new people
On Wed, 13 Sep 2000, Janni Fikouras wrote:
> I am currently developing a contact/personnel management software based on
> LDAP and I have run across the following problem.
...
> defaultaccess read
> access to * by self write
> access to attribute=userPassword
>     by dn="uid=root,o=BIBA,c=DE" write
>     by self write
>     by dn="^$" none
>     by * none
> access to * by dn="uid=root,o=BIBA,c=DE" write
> access to dn=".*,ou=PPC,o=BIBA,c=DE"
>     by dnattr=ou write
> access to dn=".*,ou=.*,o=BIBA,c=DE"
>     by dnattr=manager write
> access to dn=".*,ou=Roaming,o=BIBA,c=DE"
>     by dnattr=owner write
>
> My problem is that this config does not allow users to add *new* entries
> i.e. a secretary adding a new contact.
To do this you must have write access to the 'container'. For example:
    access to dn="ou=.*,o=BIBA,c=DE"
        by dnattr=manager write
So the manager can add/remove entries to their own organizational unit.
Hugo.
PS: I could be wrong here but this is how it's done with NDS as I recall
from the time I took my CNE4 exam. (Some while ago ;-)
--
Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ Maasland
hvdkooij@caiw.nl http://home.kabelfoon.nl/~hvdkooij/
--------------------------------------------------------------
Quoting this tagline is illegal! (http://www.dtcc.edu/cs/rfc1855.html)
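
An added example, not part of the original message: the sketch below checks which of the thread's `access to dn=` targets cover the container of a new entry, which is the entry the reply says needs write access. It assumes the targets behave as plain regular expressions over the DN string (tested both anchored and unanchored), and the new entry's DN is constructed.

```python
import re

# ACL targets copied from the thread: the three from the posted config,
# then the container rule suggested in the reply.
POSTED = [
    r".*,ou=PPC,o=BIBA,c=DE",
    r".*,ou=.*,o=BIBA,c=DE",
    r".*,ou=Roaming,o=BIBA,c=DE",
]
SUGGESTED = r"ou=.*,o=BIBA,c=DE"


def parent_dn(dn):
    """Return the container of dn (split at the first unescaped comma)."""
    parts = re.split(r"(?<!\\),", dn, maxsplit=1)
    return parts[1] if len(parts) == 2 else ""


def covering(patterns, dn, anchored):
    """List the patterns whose regex covers dn.

    anchored=True requires the whole DN to match; anchored=False accepts
    a match anywhere. Both are checked because regex anchoring is an
    assumption of this sketch, not something the thread states.
    """
    match = re.fullmatch if anchored else re.search
    return [p for p in patterns if match(p, dn, re.IGNORECASE)]


def add_report(new_dn):
    """For an add of new_dn, show which targets cover entry and container."""
    container = parent_dn(new_dn)
    report = {}
    for anchored in (True, False):
        report[anchored] = {
            "entry": covering(POSTED, new_dn, anchored),
            "container_posted": covering(POSTED, container, anchored),
            "container_suggested": covering([SUGGESTED], container, anchored),
        }
    return container, report


if __name__ == "__main__":
    # Constructed DN for a contact a secretary might add.
    container, report = add_report("cn=New Contact,ou=PPC,o=BIBA,c=DE")
    print("container:", container)
    for anchored, rows in report.items():
        print("anchored" if anchored else "unanchored", rows)
```

Under either anchoring, none of the posted `.*,ou=...` targets matches the container `ou=PPC,o=BIBA,c=DE` itself, while the suggested `ou=.*,o=BIBA,c=DE` target does.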