
[Fwd: user owned contacts]



Question: How can I set up 'predictably' named nodes to only be writable by a corresponding attribute, like uid, in the access control of the ldap.conf?

Long winded explanation as to why:
I have been thinking about setting up an LDAP tree node that would allow users to Create/Remove/Update contacts, and obviously _just_ their contacts, but query all of them easily with the correct filter.


My current tree is ou=users,dc=example,dc=com and I had thought about creating ou=contacts,dc=example,dc=com with another ou node that represented the userid. For instance:

If I created the user -
uid=jdoe,ou=users,dc=example,dc=com
then I could also create -
ou=jdoe,ou=contacts,dc=example,dc=com

Where only jdoe (and the manager/admin account of course) could write to the jdoe,contacts node.

This is mostly so that I can set up search web apps to point to ou=contacts,dc=example,dc=com and do SUBTREE queries in a web lookup for CRM, or on jdoe's individual email client to include userid=jdoe,ou=contacts,dc=example,dc=com (as well as the expected ou=users,dc=example,dc=com) for their address book lookups, etc. Basically trying to separate 'external' contacts from the address book for the email client but still have the ability for users to share and reference them in the directory.

I was reading http://www.openldap.org/doc/admin/slapdconfig.html#Access%20Control
but really couldn't find an example of what I was looking for...


Any recommendations (or past experience doing similar) would be greatly appreciated.

Thanks,
Jeremy Kuhnash
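Added example, not part of Jeremy's message: one way to express the "ou=<uid>,ou=contacts is writable only by uid=<uid>" rule with OpenLDAP's access directives. These directives go in slapd.conf (the server's configuration; ldap.conf only configures clients). The tree names are the ones from the message; the admin DN cn=Manager,dc=example,dc=com and the trailing catch-all rule are assumptions, substitute your own. The rules rely on dn.regex in the "to" clause capturing the ou value and the expand modifier substituting it into the "by" DN, and on the pseudo-attributes children and entry that slapd consults for add/delete.

```conf
# Added example (not from the original post). Assumes the tree layout from
# the message and an admin DN of cn=Manager,dc=example,dc=com.
# Order matters: slapd uses the first "access to" clause whose <what>
# matches the entry and attribute, so these must precede any "access to *".

# 1. The per-user container itself, "children" pseudo-attribute only:
#    the owner (uid=<same value>,ou=users) may add/delete entries beneath
#    it, but this alone does not let them modify or delete the container.
access to dn.regex="^ou=([^,]+),ou=contacts,dc=example,dc=com$" attrs=children
    by dn.exact,expand="uid=$1,ou=users,dc=example,dc=com" write
    by dn.exact="cn=Manager,dc=example,dc=com" write
    by * none

# 2. The container's remaining attributes (including "entry"): readable by
#    any authenticated user so subtree searches from ou=contacts can
#    descend into it, writable only by the admin.
access to dn.regex="^ou=([^,]+),ou=contacts,dc=example,dc=com$"
    by dn.exact="cn=Manager,dc=example,dc=com" write
    by users read

# 3. Everything beneath ou=<uid>,ou=contacts (the ".+," prefix requires at
#    least one RDN in front): the matching owner has full write, which
#    covers add, modify and delete; everyone authenticated can search/read,
#    giving the shared CRM lookup without giving other users write access.
access to dn.regex="^.+,ou=([^,]+),ou=contacts,dc=example,dc=com$"
    by dn.exact,expand="uid=$1,ou=users,dc=example,dc=com" write
    by dn.exact="cn=Manager,dc=example,dc=com" write
    by users read

# 4. Assumed catch-all so ou=contacts and ou=users remain searchable;
#    replace with whatever general policy the directory already has.
access to *
    by dn.exact="cn=Manager,dc=example,dc=com" write
    by users read
    by * none
```

A quick way to check the result after reloading slapd is to bind as uid=jdoe and try an ldapadd under ou=jdoe,ou=contacts (should succeed) and under another user's container (should fail with insufficientAccessRights), then repeat with ldapmodify against the ou=jdoe entry itself (should also fail, because rule 2 gives jdoe only read there). Note that $1 refers to the first capture group of the regex in the same clause's "to" part, and that DNs are normalized before matching, so "ou=JDoe" and "uid=jdoe" still pair up.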