Re: ACL for only creating entry
Hi,
what I once did was this:

access to dn.regex="uid=(.+),ou=users,dc=example,dc=com"
    by dn.regex="uid=$1,ou=users,dc=example,dc=com" read
    by * none

access to dn.exact="ou=users,dc=example,dc=com" attrs=children
    by dn.exact="%WEBSERVER%" write
    by * none

I think that it worked. But then later, it seemed not to work.
The idea was: some user (in this case your webserver account) can make entries
under ou=users,dc=example,dc=com.
But at the same time, the new entry doesn't exist yet, and won't match the
first rule.
Hence, creation is possible, but modification or deletion not. In this example,
users can read their own entry once created.
But I am not sure if this or a similar solution worked...
_Ace
website: http://www.suares.nl * http://www.qwikzite.nl
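
An added example, not part of the original post: a small Python model of slapd's first-match ACL evaluation, applied to the two rules in the message, for checking what an add by the web server account would need. It assumes the add rule documented in slapd.access(5) (write on the new entry's "entry" pseudo-attribute plus write on the parent's "children"); the web server DN is a constructed stand-in for %WEBSERVER%, and the level table is simplified.

```python
import re

LEVELS = {"none": 0, "read": 1, "write": 2}          # simplified ordering
WEB = "cn=webserver,ou=services,dc=example,dc=com"   # constructed stand-in for %WEBSERVER%
USERS = "ou=users,dc=example,dc=com"

# (what-style, what-pattern, attrs or None for "all", [(who-style, who-pattern, level)])
RULES = [
    ("regex", r"uid=(.+),ou=users,dc=example,dc=com", None,
     [("regex", "uid=$1,ou=users,dc=example,dc=com", "read"), ("any", "*", "none")]),
    ("exact", USERS, {"children"},
     [("exact", WEB, "write"), ("any", "*", "none")]),
]

def access(subject, target, attr):
    """Level granted to subject on target/attr: first matching <what>, then first matching <who>."""
    for style, pattern, attrs, clauses in RULES:
        if attrs is not None and attr not in attrs:
            continue
        groups = ()
        if style == "regex":
            m = re.search(pattern, target)   # matched on the DN string, existing entry or not
            if not m:
                continue
            groups = m.groups()
        elif target != pattern:
            continue
        for who_style, who, level in clauses:
            if who_style == "regex":
                for i, g in enumerate(groups, 1):   # expand $1, $2, ... from the <what> match
                    who = who.replace("$%d" % i, re.escape(g))
                if re.search(who, subject):
                    return level
            elif who_style == "any" or subject == who:
                return level
        return "none"   # implicit "by * none" closes every rule
    return "none"       # implicit "access to * by * none" closes the list

def can_add(subject, new_dn):
    """Add needs write on parent's 'children' AND write on the new entry's 'entry'."""
    parent = new_dn.split(",", 1)[1]
    need = LEVELS["write"]
    return (LEVELS[access(subject, parent, "children")] >= need
            and LEVELS[access(subject, new_dn, "entry")] >= need)

if __name__ == "__main__":
    new = "uid=alice," + USERS
    print("children on parent:", access(WEB, USERS, "children"))
    print("entry on new DN:   ", access(WEB, new, "entry"))
    print("add allowed:       ", can_add(WEB, new))
```

In this model the two checks of an add can be inspected separately, which shows whether the parent rule or the per-user rule is the one deciding the outcome.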