Hello,
My LDAP tree looks like this:

sn=toto,o=bookmarks,c=fr
  dcEntry=google,sn=toto,o=bookmarks,c=fr
  dcEntry=yahoo,sn=toto,o=bookmarks,c=fr
sn=titi,o=bookmarks,c=fr
  dcEntry=google,sn=titi,o=bookmarks,c=fr
  dcEntry=yahoo,sn=titi,o=bookmarks,c=fr

I want toto to be able to read all bookmarks (of
toto AND titi) and to be able to write only his own bookmarks.
I can do it with a simple ACL, but I don't know how
to do it for an unlimited number of users.
I thought about something like this:

access to
".*,sn=self,o=bookmarks,c=fr"
by self write
by * read

But it seems it doesn't work.
Does anyone have an idea (or a better modelling)?

Thanks