[Fwd: user owned contacts]
Question: How can I set up 'predictably' named nodes to only be writable
by a corresponding attribute, like uid, in the access control of the
ldap.conf?
Long winded explanation as to why:
I have been thinking about setting up an LDAP tree node that would allow
users to Create/Remove/Update contacts, and obviously _just_ their
contacts, but query all of them easily with the correct filter.
My current tree is ou=users,dc=example,dc=com and I had thought about
creating ou=contacts,dc=example,dc=com with another ou node that
represented the userid. For instance:
If I created the user -
uid=jdoe,ou=users,dc=example,dc=com
then I could also create -
ou=jdoe,ou=contacts,dc=example,dc=com
where only jdoe (and the manager/admin account of course) could write to
the jdoe,contacts node.
This is mostly so that I can set up search web apps to point to
ou=contacts,dc=example,dc=com and do SUBTREE queries in a web lookup for
CRM, or on jdoe's individual email client to include
userid=jdoe,ou=contacts,dc=example,dc=com (as well as the expected
ou=users,dc=example,dc=com) for their address book lookups, etc.
Basically I am trying to separate 'external' contacts from the address book
for the email client but still have the ability for users to share and
reference them in the directory.
I was reading
http://www.openldap.org/doc/admin/slapdconfig.html#Access%20Control
but really couldn't find an example of what I was looking for...
Any recommendations (or past experience doing similar) would be greatly
appreciated.
Thanks,
Jeremy Kuhnash
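The following slapd.conf access control fragment is an added example illustrating one answer to the question above; it is not part of the original post and was not written by its author. It assumes the DN layout described in the post (uid=<user>,ou=users,dc=example,dc=com and ou=<user>,ou=contacts,dc=example,dc=com), a hypothetical admin DN of cn=Manager,dc=example,dc=com, and an OpenLDAP release that supports the dn.regex target style with the expand modifier on the by clause. Note that these rules live in slapd.conf (the server configuration), not in ldap.conf (the client configuration).

```conf
# Added example (not from the original post): per-user contacts subtrees.
#
# The "access to" target is a regular expression over the entry DN.
# $1 captures the optional RDNs of entries beneath the per-user container
# (the contacts themselves); $2 captures the ou value of the container,
# i.e. the user name. Restricting $2 to [^,]+ keeps the match to exactly
# one RDN, so ou=jdoe cannot be spoofed by a longer or nested name.
#
# "write" on the container entry covers its "children" and "entry"
# pseudo-attributes, which is what an add or delete beneath it needs.
access to dn.regex="^(.+,)?ou=([^,]+),ou=contacts,dc=example,dc=com$"
    by dn.exact,expand="uid=$2,ou=users,dc=example,dc=com" write
    by dn.exact="cn=Manager,dc=example,dc=com" write
    by users read
    by * none

# The shared container only needs to be readable (and searchable) by
# everyone so a SUBTREE search from ou=contacts works; only the admin
# creates the per-user ou=<user> entries here.
access to dn.exact="ou=contacts,dc=example,dc=com"
    by dn.exact="cn=Manager,dc=example,dc=com" write
    by users read
    by * none

# Users keep write on their own account entry and read on the rest,
# as the email clients expect for address-book lookups.
access to dn.regex="^uid=([^,]+),ou=users,dc=example,dc=com$"
    by dn.exact,expand="uid=$1,ou=users,dc=example,dc=com" write
    by users read
    by * none

# Catch-all. Put the specific rules above this line: slapd applies the
# first "access to" clause whose target matches the entry, so a broad
# rule placed earlier would shadow the per-user rules.
access to *
    by dn.exact="cn=Manager,dc=example,dc=com" write
    by users read
    by * none
```

Two practical checks: the bound DN must match the expanded string exactly (after normalisation), so the ou value under ou=contacts has to be the same string as the uid in ou=users; and if the admin account is the database rootdn it bypasses ACLs entirely, in which case the explicit cn=Manager by clauses are only needed for a separate, non-root admin identity. After editing, verify with an ldapwhoami bind as uid=jdoe followed by an ldapadd of a test contact under ou=jdoe,ou=contacts and an ldapadd under another user's container, which should be rejected with insufficient access.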