
access control to subtree



Hello all,

I am trying to give people control over their own entry in the LDAP
database, plus all entries below. I have:

The users hang out in ou=people,dc=openoffice,dc=nl and I would like to give
them control in their own "subtree", like this:

My own DN: uid=valentyn,ou=people,dc=openoffice,dc=nl

Mum: cn=mummy,uid=valentyn,ou=people,dc=openoffice,dc=nl
Grandma: cn=grandma,uid=valentyn,.....

This is to let people put a personal address book in the ldap server.

However, access controls like
access to dn.subtree="uid=.*,ou=People,dc=openoffice,dc=nl"
        by self write

access to dn=".*,(uid=.*,ou=people,dc=openoffice,dc=nl)"
        by dn="$1" write

or other carefully crafted stuff seems not to work.

Is there a way to do this in OpenLDAP (and can this be done without using
the experimental ACL-in-LDAP features)?

If you think this is not a usable scheme, then please tell me so :)

Best regards,

Valentijn
p.s. the From address works. Yes it does.
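A working form of the ACL the poster is after, added here as an example and not part of the original message. It uses the dn.regex / dn.exact,expand syntax of slapd.access(5) in OpenLDAP 2.1 and later (older 2.0-era releases only had the bare dn="regex" form the poster tried). Two things explain why the posted attempts fail: dn.subtree takes a literal base DN, not a regex, so "uid=.*" never matches; and "by self" only fires when the bound DN is the entry being accessed, so it covers uid=valentyn itself but never cn=mummy beneath it. The base DN and ou=people come from the question; the "by * none" for address-book entries, the "by * read" on the user entries and the trailing catch-all are assumptions about the intended policy:

```conf
# Added example, not from the original message.  slapd.conf fragment that
# lets uid=<user>,ou=people,dc=openoffice,dc=nl write its own entry and
# everything beneath it (its personal address book).
#
# Assumes OpenLDAP 2.1 or later (dn.regex / dn.exact,expand).  The target DN
# is normalised before the regex is applied, so the pattern is lower case
# even though the poster wrote "ou=People" in one place.
#
# Rule 1: entries *below* a user entry.  "^.+," requires at least one RDN in
# front of the user entry, so this matches cn=mummy,uid=valentyn,... but not
# uid=valentyn,... itself.  Group 1 captures the owning user entry, and
# dn.exact,expand substitutes it into the "by" clause before comparing it
# with the bind DN, which is what the poster's by dn="$1" was aiming at.
# Nobody but the owner sees the address book (assumption: it is private).
access to dn.regex="^.+,(uid=[^,]+,ou=people,dc=openoffice,dc=nl)$"
        by dn.exact,expand="$1" write
        by * none

# Rule 2: the user entry itself.  Here "self" is correct, because the bind DN
# and the target DN are the same entry.  No attrs= field is given, so the
# grant also covers the entry's "children" pseudo-attribute, which an add of
# cn=mummy,uid=valentyn,... requires write access to.  Other users may read
# the entry (assumption: the people branch is an ordinary directory).
access to dn.regex="^uid=[^,]+,ou=people,dc=openoffice,dc=nl$"
        by self write
        by * read

# Catch-all.  ACLs are tried in order and the first "access to" whose target
# matches wins, so anything this broad must come after the rules above.
access to *
        by * read
```

No ACL-in-LDAP support is involved; this is plain slapd.conf. Note that "write" implies "read" in slapd's privilege ordering, so the owner can also search their own address book. On releases that ship slapacl(8) (2.3 and later) the rules can be checked without binding, for example by asking what uid=valentyn may do to cn=mummy,uid=valentyn,ou=people,dc=openoffice,dc=nl with slapacl -v -D "uid=valentyn,ou=people,dc=openoffice,dc=nl" -b "cn=mummy,uid=valentyn,ou=people,dc=openoffice,dc=nl", and repeating the same query bound as another uid to confirm it is denied.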