[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL question

To: birintxo@wanadoo.es
Subject: Re: ACL question
From: Edwin Culp <eculp@encontacto.net>
Date: Mon, 18 Feb 2002 11:35:43 -0800
Cc: OpenLDAP Software List <openldap-software@OpenLDAP.org>
In-reply-to: <200202181920.g1IJKVY14260@smtp.wanadoo.es>
References: <200202181920.g1IJKVY14260@smtp.wanadoo.es>
User-agent: Internet Messaging Program (IMP) 4.0-cvs

Quoting Birintxo <birintxo@wanadoo.es>:

> Greetings all,
> 
> 	I'm trying to allow anonymous users to add entries, but not to delete them,
> 
> they only can delete their own entries. So a user can add as entries as he 
> want, but cant delete the other users's entries.
> 
> I have tried it with that:
> 
> access to *
>         by self write
>         by anonymous -r continue
>         by anonymous +w stop
> 
> and with that too:
> 
> access to *
>         by self write
>         by anonymous +w stop
>         by anonymous -r continue
> 
I do it an easier way, IMO :-)
I just use what boils down to:
access to * 
         by dn="cn=Manager,o=mydomain.org" write 
         by self write 
         by * read

My register scripts us the manager dn and the change and delete scripts
use the user's dn.  That way joe can only erase or modify joe and not
jane.

I hope that helps, and I'm sure there are better ways but I'm new and
a bit simplistic :-)


ed
> but don't work. Both examples let users to delete any entry.
> 
> Thanks.
> 
> 

-- 
To announce that there must be no criticism of the president,
or that we are to stand by the president, right or wrong, is not
only unpatriotic and servile, but is morally treasonable to
the American public.  - Theodore Roosevelt



---

References:
- ACL question
  - From: Birintxo <birintxo@wanadoo.es>

Prev by Date: ACL question
Next by Date: Thread-safe using auth_ldap with OpenLDAP SDK
Index(es):
- Chronological
- Thread