[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
ACL for only creating entry
Hello, all. I'm trying to get a script ( http://phpldapadmin.sf.net ) to
act as a public registration interface to my ldap directory. It will allow
the public to create an account for themselves without needing admin
action. However, I'm having trouble setting up ACL's to grant this sort of
access.
I'm trying to give the script (binding under the dn of
"uid=webregister,ou=services,dc=theoretic,dc=com" with a password I won't
specify here) permission to create new entries (users with userPassword
attributes and all) directly under the dn of
"ou=users,dc=theoretic,dc=com", but not anything else (such as delete any
entries or modify any entries, perhaps not even read any entries, even the
ones it creates if possible).
I've messed with different ACL configurations for the past 3 hours, but no
success. I can either give it full write access to all entries or no write
acceess at all (forbidding it from creating entries under "ou=users...").
Any suggestions on ACLs I can use? Thanks.