access control to subtree
Hello all,
I am trying to give people control over their own entry in the LDAP
database, plus all entries below. I have:
The users hang out in ou=people,dc=openoffice,dc=nl and I would like to give
them control in their own "subtree", like this:
My own DN: uid=valentyn,ou=people,dc=openoffice,dc=nl
Mum: cn=mummy,uid=valentyn,ou=people,dc=openoffice,dc=nl
Grandma: cn=grandma,uid=valentyn,.....
This is to let people put a personal address book in the ldap server.
However, access controls like
access to dn.subtree="uid=.*,ou=People,dc=openoffice,dc=nl"
        by self write
access to dn=".*,(uid=.*,ou=people,dc=openoffice,dc=nl)"
        by dn="$1" write
or other carefully crafted stuff seems not to work.
Is there a way to do this in OpenLDAP (and can this be done without using
the experimental ACL-in-LDAP features)?
If you think this is not a useable scheme, then please tell me so :)
Best regards,
Valentijn
p.s. the From address works. Yes it does.
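
The ownership rule the message asks for, written as a small decision model with a case matrix any ACL for this scheme should satisfy. This is an added example, not part of the original post and not OpenLDAP code or configuration; the function names, the simplified DN normalization and the "intruder" user are assumptions made for illustration.

```python
import re

# Container for user entries, taken from the post.
PEOPLE_BASE = "ou=people,dc=openoffice,dc=nl"

# Anchored at both ends. Group 1 is the owning user's DN: exactly one uid RDN
# directly under PEOPLE_BASE. [^,]+ stops the uid value from spanning RDNs.
OWNER_RE = re.compile(r"^(?:.+,)?(uid=[^,]+," + re.escape(PEOPLE_BASE) + r")$")


def normalize(dn):
    """Simplified normalization (assumption: no escaped commas, no multi-valued
    RDNs): lowercase and drop whitespace around ',' and '='."""
    parts = []
    for rdn in dn.split(","):
        attr, _, value = rdn.partition("=")
        parts.append(attr.strip().lower() + "=" + value.strip().lower())
    return ",".join(parts)


def owner_of(target_dn):
    """Return the DN of the user whose subtree contains target_dn, or None."""
    match = OWNER_RE.match(normalize(target_dn))
    return match.group(1) if match else None


def may_write(bind_dn, target_dn):
    """Write is allowed only on the bound user's own entry and entries below it."""
    owner = owner_of(target_dn)
    return owner is not None and owner == normalize(bind_dn)


# Constructed sample DNs (the "intruder" user is hypothetical).
ME = "uid=valentyn,ou=people,dc=openoffice,dc=nl"
OTHER = "uid=intruder,ou=people,dc=openoffice,dc=nl"
CASES = [
    (ME, ME, True),                               # own entry
    (ME, "cn=mummy," + ME, True),                 # address-book entry below it
    (ME, "cn=Mummy, uid=Valentyn, ou=People, dc=openoffice, dc=nl", True),
    (OTHER, "cn=mummy," + ME, False),             # someone else's subtree
    (ME, PEOPLE_BASE, False),                     # the container itself
    (ME, "cn=x,uid=valentyn,cn=y," + OTHER, False),  # uid deeper in another tree
]

if __name__ == "__main__":
    for bind_dn, target_dn, expected in CASES:
        decision = may_write(bind_dn, target_dn)
        print(f"{decision!s:5} expected={expected!s:5} {bind_dn} -> {target_dn}")
```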