[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ACL's and madness
Tom Possin wrote:
bonehead mistake that I am blind to.
#authenticated users can create and modify private child entries(theory)
access to dn=".*,uid=.*,ou=users,ou=People,dc=home,dc=com"
by dn="$1" write
by anonymous auth
I don't have an environment to test it, but you can try something of :
access to dn.subtree="uid=([^,]+),ou=users,ou=People,dc=home,dc=com"
by dn="$1,ou=users,ou=People,dc=home,dc=com write
by * none
(could be "children" instead of "subtree" but I don't even have
and entry in the man section for slapd.acces).
I'll try something that really workds when I get the chance to
fire up slapd :) and get back to you.
hth,
mitu