[Date Prev][Date Next] [Chronological] [Thread] [Top]

Fwd: Re: Return question (was: Re: Access-problem )




Hi All,

I read all about ACL's, but apparently I'm overlooking something.

I've got:
access to dn=".*,ou=domains,dc=wiwo,dc=nl"
        by dnattr=owner write
        by dn="uid=dnsmanager,ou=roles,dc=wiwo,dc=nl" read

Which does exactly what I expect.

I have an 'owner' attribute in this entry, and the owner can access the
entry.

The entry has child-entries (the actual DNS-records), and I need to fill
those entries with the 'owner' attribute too, if I want to be able to
modify them (if I'm the owner, of course).

Is there a way the children 'inherits' the rights from their parent,
with some fancy 'by' clause.

If it was valid, I would use: by dnattr=parent.owner write

There is no relation to the dn and the owner.

Is there a way to accomplish this in a simple manner?

TIA,

Marcel