
Re: ACL Question



Puneet Walia wrote:
Hi all
I'm using OpenLDAP 2.0.25.

I'm trying to create an ACL where one user is Administrator for the complete directory structure.

For that I have specified this:
1)
access to *
      by self write
      by dn="cn=Manoj,ou=admin,o=HomeAppl" write
      by *  read


2) With the upper ACL I have created a client which can create its own children node

access to dn=".*,(Client=.*,businessCat=Calls,o=HomeAppl)"
      attrs=children,entry
      by dn="$1" write
      by anonymous auth

Till this level everything is working fine.
I'm able to create clients, and my clients are further able to create their own users, but when it comes to modifying those users or adding another node under those users, it's not happening.


Can anybody tell me what's happening?

By specifying attrs=children,entry you're implicitly denying modify access to all the regular attributes of the entry; you're allowing only the addition of an entry or of a child.

Pierangelo.

--
Dr. Pierangelo Masarati               | voice: +39 02 2399 8309
mailto:pierangelo.masarati@polimi.it  | fax:   +39 02 2399 8334
http://www.aero.polimi.it/~masarati
Dip. Ing. Aerospaziale Politecnico di Milano,
via La Masa 34, 20156 Milano, Italy
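
The effect described in the reply, as an added example that is not part of the original message: a simplified Python model of slapd's ordered ACL evaluation (first matching `access to` clause, then first matching `by` clause) applied to the two rules quoted above. The rule order (specific rule listed first), the sample DNs `CLIENT` and `USER`, and the exact-match handling of `dn="$1"` are assumptions made for illustration.

```python
import re

# Constructed, simplified model of slapd ACL evaluation; not OpenLDAP code.
# Each rule: (entry DN regex, attrs or None for "all", [(who, level), ...]).
# Assumption: the specific rule is listed before the catch-all.
ACLS = [
    (r".*,(Client=.*,businessCat=Calls,o=HomeAppl)", {"children", "entry"},
     [("$1", "write"), ("anonymous", "auth")]),
    (r".*", None,
     [("self", "write"), ("cn=Manoj,ou=admin,o=HomeAppl", "write"),
      ("*", "read")]),
]

# Constructed sample DNs.
CLIENT = "Client=acme,businessCat=Calls,o=HomeAppl"
USER = "uid=bob," + CLIENT

def who_matches(who, bound_dn, entry_dn, match):
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn == ""
    if who == "self":
        return bound_dn != "" and bound_dn.lower() == entry_dn.lower()
    # Expand $1 from the entry-DN regex; compared here by exact match.
    if "$1" in who:
        who = who.replace("$1", match.group(1))
    return bound_dn.lower() == who.lower()

def access(bound_dn, entry_dn, attr):
    """Return the access level bound_dn gets on attr of entry_dn."""
    for dn_re, attrs, by_clauses in ACLS:
        m = re.search(dn_re, entry_dn, re.IGNORECASE)
        if m is None or (attrs is not None and attr.lower() not in attrs):
            continue  # clause does not cover this entry/attribute
        for who, level in by_clauses:
            if who_matches(who, bound_dn, entry_dn, m):
                return level
        return "none"  # implicit trailing "by * none"
    return "none"  # not reached here: the catch-all covers everything

if __name__ == "__main__":
    for bound, attr in [(CLIENT, "entry"), (CLIENT, "cn"),
                        (USER, "children"), (USER, "cn")]:
        print(f"{bound} on {attr} of {USER}: {access(bound, USER, attr)}")
```

In this model the client gets write on `entry` (so the add succeeds) but only read on a regular attribute such as `cn`, and the user itself gets none on its own `children` pseudo-attribute because no `by` clause in the specific rule matches it.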