
Re: ACL question



Quoting Birintxo <birintxo@wanadoo.es>:

> Greetings all,
> 
> I'm trying to allow anonymous users to add entries, but not to delete them;
> they can only delete their own entries. So a user can add as many entries as
> he wants, but can't delete the other users' entries.
> 
> I have tried it with that:
> 
> access to *
>         by self write
>         by anonymous -r continue
>         by anonymous +w stop
> 
> and with that too:
> 
> access to *
>         by self write
>         by anonymous +w stop
>         by anonymous -r continue
> 
I do it an easier way, IMO :-)
I just use what boils down to:
access to * 
         by dn="cn=Manager,o=mydomain.org" write 
         by self write 
         by * read

My register scripts use the manager dn and the change and delete scripts
use the user's dn.  That way joe can only erase or modify joe and not
jane.

I hope that helps, and I'm sure there are better ways but I'm new and
a bit simplistic :-)


ed
> but they don't work. Both examples let users delete any entry.
> 
> Thanks.
> 
> 

-- 
To announce that there must be no criticism of the president,
or that we are to stand by the president, right or wrong, is not
only unpatriotic and servile, but is morally treasonable to
the American public.  - Theodore Roosevelt
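
Added example, not part of the original messages and not OpenLDAP code: a simplified Python model of how the "by" clauses of a single "access to *" statement are evaluated, run over the three rule sets quoted in this thread. It shows why both of the original attempts leave anonymous with the w privilege on every entry, and what the rule set in the reply grants instead. Assumptions: the joe and jane DNs are constructed, only the x/c/s/r/w privileges are modelled, and the separate check slapd makes on the parent's children attribute for add and delete is not modelled.

```python
# Simplified model of "by" clause evaluation for ONE "access to *" statement.
LEVELS = {"none": "", "auth": "x", "compare": "xc", "search": "xcs",
          "read": "xcsr", "write": "xcsrw"}

def who_matches(who, bound_dn, target_dn):
    """bound_dn is None for an anonymous bind."""
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if who == "self":
        return bound_dn is not None and bound_dn.lower() == target_dn.lower()
    if who.startswith("dn="):
        return bound_dn is not None and bound_dn.lower() == who[3:].strip('"').lower()
    raise ValueError("unsupported <who>: " + who)

def evaluate(clauses, bound_dn, target_dn):
    """Return the privilege letters granted on target_dn, sorted."""
    mask = set()                      # no clause matched means no access
    for who, access, control in clauses:
        if not who_matches(who, bound_dn, target_dn):
            continue
        if access in LEVELS:          # a level name replaces the mask
            mask = set(LEVELS[access])
        elif access[0] == "+":        # +privs adds to the mask
            mask |= set(access[1:])
        elif access[0] == "-":        # -privs removes from the mask
            mask -= set(access[1:])
        if control == "stop":         # "stop" is the default control
            break                     # "continue" keeps evaluating clauses
    return "".join(sorted(mask))

# The three rule sets from the thread, in the order they appear.
FIRST_TRY = [("self", "write", "stop"), ("anonymous", "-r", "continue"),
             ("anonymous", "+w", "stop")]
SECOND_TRY = [("self", "write", "stop"), ("anonymous", "+w", "stop"),
              ("anonymous", "-r", "continue")]
REPLY = [('dn="cn=Manager,o=mydomain.org"', "write", "stop"),
         ("self", "write", "stop"), ("*", "read", "stop")]

MANAGER = "cn=Manager,o=mydomain.org"
JOE, JANE = "cn=joe,o=mydomain.org", "cn=jane,o=mydomain.org"  # constructed DNs

if __name__ == "__main__":
    for name, acl in (("first", FIRST_TRY), ("second", SECOND_TRY), ("reply", REPLY)):
        for label, dn in (("anonymous", None), ("joe", JOE), ("manager", MANAGER)):
            print(name, label, "on jane:", repr(evaluate(acl, dn, JANE)))
```
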


