
ACL : access to subtree of any entry of a given objectclass



Hello all,

I would like to give write access, for any entry of a given objectclass, to
its whole subtree.

For example:
dc=enatel,dc=local
  ou=users
    uid=francois
      cn=account1
      cn=account2
  ou=clients
    ou=company1
      uid=smith
        cn=account1
        cn=account2

uid=francois,... and uid=smith,... are entries of a given objectclass,
inetOrgPerson for example.
I would like to give them write access to their whole subtree, without having
to specify their location in the DIT (which OU...).
I think it is possible with ACI support, but is it possible with the
directives in slapd.conf?

I have read the FAQ at http://www.openldap.org/faq/data/cache/653.html, but
it doesn't satisfy me (OK, I can deal with it if there is no way to do what
I want).

Thanks

Francois