Re: Naive question
Hari,

turba/horde (http://www.horde.org/turba/) is handling that in a way that
users can have their own address book under their own entry:

The user:
    dn: uid=User,ou=People,dc=foo,dc=bar
The address book:
    dn: ou=ABook,uid=User,ou=People,dc=foo,dc=bar

That way you have a global address book under
    dn: ou=People,dc=foo,dc=bar
and a personal one under the entry of each user; but, since

    access to dn.subtree="ou=PersonalAddressBook,uid=User,ou=People,dc=foo,dc=bar"
        by self write
        by dn="cn=Admin,dc=foo,dc=bar" write
        by users read

(see http://www.openldap.org/software/man.cgi?query=slapd.access)
must not work ('self' in my understanding only refers to
'uid=User,ou=People,dc=foo,dc=bar' in this example, not the entire
subtree), you'll yet have to add an access rule for every user with
his/her own personal address book, like

    access to dn.subtree="uid=User,ou=People,dc=foo,dc=bar"
        by dn="uid=User,ou=People,dc=foo,dc=bar" write
        by dn="cn=Admin,dc=foo,dc=bar" write
        by users read

Not quite what you (and me too) wanted, right?!

Max

Hariharan Gopalan wrote:
> I am looking to openldap to provide contact database for my organization.
> What I am hoping is that the members would be able to maintain their own
> contact information up to date, without anyone having to maintain this
> manually. Am I looking at record level access control for this? Am just
> trying it out, and struggling with it, so thought it better to get this
> cleared before I put in more time!
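
Added example, not part of the original message or of Turba/Horde: slapd.access(5) also accepts a regex target whose submatches can be expanded in the `by` clause, so a single rule can stand in for the per-user rules described above. It assumes the DN layout from the message and a slapd version that supports `dn.regex` targets with `expand`.

```conf
# Added example for slapd.conf. DNs follow the layout used in the message.
#
# Target: any entry uid=<x>,ou=People,dc=foo,dc=bar and everything below it
# (for instance ou=ABook,uid=<x>,ou=People,dc=foo,dc=bar).
#   $1 = optional leading RDNs, e.g. "ou=ABook,"
#   $2 = the uid value of the user who owns the subtree
#
# Who: write access only when the bind DN equals the owner DN rebuilt from $2,
# so each user can write below his or her own entry and nowhere else.
# The Admin and "users read" clauses are carried over from the message.
#
# slapd stops at the first rule whose target matches, so this rule has to be
# listed before any broader rule for ou=People,dc=foo,dc=bar.
access to dn.regex="^(.+,)?uid=([^,]+),ou=People,dc=foo,dc=bar$"
    by dn.exact,expand="uid=$2,ou=People,dc=foo,dc=bar" write
    by dn.exact="cn=Admin,dc=foo,dc=bar" write
    by users read
```

The rule can be checked offline with slapacl(8), passing the configuration with `-f`, the bind DN with `-D` and the target entry with `-b`, once for the owner and once for a different user.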