Re: Implementation advice
John Blakeley wrote:
> Hi
>
> So far, I have a 3-branch ldap tree, ou=People, ou=Groups (which
> contains "Admin") and ou=DataDef.
>
> I need users to add/edit/delete their own 'DataDef' entries, but not see
> anyone else's, unless they are 'Admin'.
>
> Is there any way to implement this, assuming I implement an attribute that
> contains the user's dn in the 'DataDef'. An example acl would be greatly
> appreciated.
access to dn="[^,]+,ou=DataDef,<your suffix>"
        by dnattr=owner write
        by dn.exact="cn=Admin,ou=Groups,<your suffix>" read
        by * none
The entries with dn="([^,]+),ou=DataDef,<your suffix>"
must have an "owner" attribute, which must be set to the
dn of the person that is allowed to modify them.
I hope this is what you mean.
Pierangelo.
--
Dr. Pierangelo Masarati mailto:ando@sys-net.it
Developer, SysNet s.n.c. http://www.sys-net.it
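
Added example, not part of the original message and not OpenLDAP code: a small Python model of how the rule above resolves for different bind DNs, with the "by" clauses tried in order and the first match deciding. The suffix dc=example,dc=com, the users alice and bob and the two DataDef entries are constructed; the model anchors the pattern to immediate children of ou=DataDef and uses a crude DN normalisation, both assumptions of this sketch.

```python
import re

SUFFIX = "dc=example,dc=com"  # constructed stand-in for <your suffix>

def norm(dn):
    """Crude DN normalisation (assumption): lower-case, trim around ',' and '='."""
    return ",".join("=".join(p.strip() for p in rdn.split("=", 1))
                    for rdn in dn.lower().split(","))

# access to dn="[^,]+,ou=DataDef,<your suffix>"
TARGET = re.compile(r"[^,]+,ou=datadef," + re.escape(norm(SUFFIX)))
ADMIN = norm("cn=Admin,ou=Groups," + SUFFIX)

def access(bind_dn, entry_dn, attrs):
    """Return 'write', 'read' or 'none'; None if the rule does not select the entry."""
    if not TARGET.fullmatch(norm(entry_dn)):
        return None                      # some other rule would decide
    who = norm(bind_dn) if bind_dn else ""   # "" models an anonymous bind
    owners = {norm(v) for v in attrs.get("owner", [])}
    if who and who in owners:            # by dnattr=owner write
        return "write"
    if who == ADMIN:                     # by dn.exact=... read (the bind DN itself)
        return "read"
    return "none"                        # by * none

# Constructed sample data
ALICE = "uid=alice,ou=People," + SUFFIX
BOB = "uid=bob,ou=People," + SUFFIX
ENTRIES = {
    "cn=alice-def,ou=DataDef," + SUFFIX: {"owner": [ALICE]},
    "cn=orphan,ou=DataDef," + SUFFIX: {},   # no owner attribute set
}

def matrix():
    """Access level for every (bind identity, entry RDN) pair in the sample data."""
    who = {"alice": ALICE, "bob": BOB, "admin": ADMIN, "anonymous": None}
    return {(name, dn.split(",")[0]): access(bind, dn, attrs)
            for name, bind in who.items() for dn, attrs in ENTRIES.items()}

if __name__ == "__main__":
    for pair, level in matrix().items():
        print(pair, level)
```

In this model an entry without an owner value is writable by nobody, and the ou=DataDef container itself is not selected by the rule.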