
Re: ACL's and madness



Tom Possin wrote:
bonehead mistake that I am blind to.

#authenticated users can create and modify private child entries(theory)
access to dn=".*,uid=.*,ou=users,ou=People,dc=home,dc=com"
	by dn="$1" write
	by anonymous auth

I don't have an environment to test it, but you can try something like:

access to dn.subtree="uid=([^,]+),ou=users,ou=People,dc=home,dc=com"
	by dn="$1,ou=users,ou=People,dc=home,dc=com" write
	by * none
(could be "children" instead of "subtree" but I don't even have
an entry in the man section for slapd.access).
I'll try something that really works when I get the chance to
fire up slapd :) and get back to you.

hth,
mitu
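
Added example, not part of either post and not slapd's own code: a small Python model of how a regex-style "access to" pattern feeds its submatches into the "by" clause, run over constructed DNs. ANCHORED_WHAT and OWNER_BY are assumptions made for illustration (the owner's uid is group 2 there), and expanding an undefined group to an empty string is this model's choice.

```python
import re

SUFFIX = "ou=users,ou=People,dc=home,dc=com"

# <what> pattern from the quoted ACL: no parentheses, so nothing is captured.
ORIGINAL_WHAT = r".*,uid=.*," + SUFFIX
# Constructed variant (assumption): anchored, group 2 is the owner's uid value.
ANCHORED_WHAT = r"^(.+,)?uid=([^,]+)," + SUFFIX + r"$"
OWNER_BY = "uid=$2," + SUFFIX


def expand(template, match):
    """Substitute $0..$9 in a <who> template with submatches of the <what> regex.

    A reference to a group the pattern does not define becomes "" in this model.
    """
    def repl(ref):
        n = int(ref.group(1))
        if n > match.re.groups:
            return ""
        return match.group(n) or ""
    return re.sub(r"\$(\d)", repl, template)


def allowed_writer(what_regex, by_template, target_dn):
    """Return the DN the rule grants write to, or None if the rule does not apply."""
    m = re.search(what_regex, target_dn)
    if m is None:
        return None
    return expand(by_template, m)


# Constructed sample DNs.
SAMPLES = [
    "uid=tom," + SUFFIX,                     # the user's own entry
    "cn=addr1,uid=tom," + SUFFIX,            # direct child
    "cn=addr1,ou=book,uid=ann," + SUFFIX,    # deeper descendant
    "uid=tom,ou=groups,dc=home,dc=com",      # outside the users branch
]

if __name__ == "__main__":
    for dn in SAMPLES:
        print(dn)
        print("  original:", repr(allowed_writer(ORIGINAL_WHAT, "$1", dn)))
        print("  anchored:", repr(allowed_writer(ANCHORED_WHAT, OWNER_BY, dn)))
```
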