Re: ACL question
Quoting Birintxo <birintxo@wanadoo.es>:
> Greetings all,
>
> I'm trying to allow anonymous users to add entries, but not to delete them;
> they can only delete their own entries. So a user can add as many entries as he
> wants, but can't delete the other users' entries.
>
> I have tried it with that:
>
> access to *
>     by self write
>     by anonymous -r continue
>     by anonymous +w stop
>
> and with that too:
>
> access to *
>     by self write
>     by anonymous +w stop
>     by anonymous -r continue
>
I do it an easier way, IMO :-)
I just use what boils down to:
access to *
    by dn="cn=Manager,o=mydomain.org" write
    by self write
    by * read
My register scripts use the manager dn and the change and delete scripts
use the user's dn. That way joe can only erase or modify joe and not
jane.
I hope that helps, and I'm sure there are better ways but I'm new and
a bit simplistic :-)
ed
> but they don't work. Both examples let users delete any entry.
>
> Thanks.
>
>
--
To announce that there must be no criticism of the president,
or that we are to stand by the president, right or wrong, is not
only unpatriotic and servile, but is morally treasonable to
the American public. - Theodore Roosevelt
---
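
The following is an added example, not code from either poster or from OpenLDAP: a simplified Python model of how the "by" clauses of a single "access to *" rule are evaluated (first match, stop/continue, +/- privileges as described in slapd.access(5)), run against the three rules quoted in this thread. It assumes constructed DNs for joe and jane, and it checks only the write privilege on the target entry; slapd's separate check on the parent's children attribute for add and delete is not modelled.

```python
# Levels imply all lower privileges; +x / -x / =x forms adjust single privileges.
LEVELS = {"none": "", "auth": "x", "compare": "cx", "search": "scx",
          "read": "rscx", "write": "wrscx"}

# The three rules from the thread, as posted.
POSTER_ACL_1 = """access to *
    by self write
    by anonymous -r continue
    by anonymous +w stop"""
POSTER_ACL_2 = """access to *
    by self write
    by anonymous +w stop
    by anonymous -r continue"""
REPLY_ACL = """access to *
    by dn="cn=Manager,o=mydomain.org" write
    by self write
    by * read"""

def parse_acl(text):
    """Return (who, access, control) for each 'by' line; control defaults to stop."""
    clauses = []
    for line in text.strip().splitlines()[1:]:      # skip the "access to *" line
        _, who, access, *control = line.split()
        clauses.append((who, access, control[0] if control else "stop"))
    return clauses

def who_matches(who, bind_dn, target_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bind_dn is None                      # no bind DN = anonymous
    if bind_dn is None:
        return False
    wanted = target_dn if who == "self" else who[len('dn="'):-1]
    return bind_dn.lower() == wanted.lower()

def privileges(acl_text, bind_dn, target_dn):
    """Privileges the client ends up with; empty set is the implicit 'by * none'."""
    privs = set()
    for who, access, control in parse_acl(acl_text):
        if not who_matches(who, bind_dn, target_dn):
            continue
        if access in LEVELS:
            privs = set(LEVELS[access])
        elif access[0] == "+":
            privs |= set(access[1:])
        elif access[0] == "-":
            privs -= set(access[1:])
        else:                                       # "=" form replaces privileges
            privs = set(access[1:])
        if control == "stop":
            break
    return privs

def can_write(acl_text, bind_dn, target_dn):
    return "w" in privileges(acl_text, bind_dn, target_dn)
```

In this model both of the original rules leave an anonymous client holding the w privilege on every entry, whichever order the two anonymous clauses come in, while the rule from the reply gives anonymous clients read only.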