
Re: ACL for only creating entry





Hi,

what I once did was this:

# Anchored so the pattern matches the whole DN, not any DN that merely
# contains this substring; $1 carries the uid into the "by" clause.
access to dn.regex="^uid=(.+),ou=users,dc=example,dc=com$"
	by dn.regex="^uid=$1,ou=users,dc=example,dc=com$" read
	by * none

# Write access to the parent's "children" pseudo-attribute is what lets
# the webserver bind DN add entries under ou=users.
access to dn.exact="ou=users,dc=example,dc=com" attrs=children
	by dn.exact="%WEBSERVER%" write
	by * none

I think that it worked. But then later, it seemed not to work.

The idea was: some user (in this case your webserver account) can make entries
under ou=users,dc=example,dc=com.
But at the same time, the new entry doesn't exist yet, and won't match the
first rule.

Hence, creation is possible, but modification or deletion not. In this example,
users can read their own entry once created.

But I am not sure if this or a similar solution worked...
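To see which of the claims above hold, here is an added example (not OpenLDAP code and not from the poster) that models slapd's first-match evaluation of these two clauses, including the $1 back-reference. It lets you toggle the rule, required by current slapd releases, that add and delete also need write access to the target entry's "entry" pseudo-attribute, which is one reason an ACL like this can stop working after an upgrade. The DNs are constructed and cn=webserver stands in for %WEBSERVER%.

```python
"""Simplified model of slapd's evaluation of the two ACL clauses in the post.

Added example, not OpenLDAP code. First matching 'access to' clause wins,
then the first matching 'by' clause within it, as in slapd. DNs are
constructed; WEBSERVER is a placeholder for the %WEBSERVER% bind DN.
"""
import re

BASE = "ou=users,dc=example,dc=com"
WEBSERVER = "cn=webserver,dc=example,dc=com"  # placeholder bind DN
LEVELS = ["none", "read", "write"]

# (target DN regex, attribute set or None for all attrs, [(subject regex, level)])
ACLS = [
    (r"uid=(.+)," + re.escape(BASE), None,
     [(r"uid=$1," + re.escape(BASE), "read"), (r".*", "none")]),
    (re.escape(BASE), {"children"},
     [(re.escape(WEBSERVER), "write"), (r".*", "none")]),
]

def access(subject, target, attr):
    """Return the level the first matching clause grants: none, read or write."""
    for target_re, attrs, by in ACLS:
        m = re.fullmatch(target_re, target)
        if not m or (attrs is not None and attr not in attrs):
            continue
        for who_re, level in by:
            if m.groups():  # expand $1 from the target match, as slapd does
                who_re = who_re.replace("$1", re.escape(m.group(1)))
            if re.fullmatch(who_re, subject):
                return level
        return "none"  # clause matched the target but no 'by' clause matched
    return "none"  # no clause matched: slapd's default is no access

def has(subject, target, attr, need):
    return LEVELS.index(access(subject, target, attr)) >= LEVELS.index(need)

def can_add(subject, new_dn, check_entry=True):
    """Add needs write on the parent's 'children'; current slapd also needs
    write on the new entry's 'entry' pseudo-attribute (check_entry=True)."""
    parent = new_dn.split(",", 1)[1]
    ok = has(subject, parent, "children", "write")
    return ok and (not check_entry or has(subject, new_dn, "entry", "write"))

def can_modify(subject, dn, attr):
    return has(subject, dn, attr, "write")

def can_read(subject, dn, attr="mail"):
    return has(subject, dn, attr, "read")
```

With check_entry=False the webserver can create but not modify, exactly as described; with the "entry" requirement in force the second clause alone no longer lets it add.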

_Ace

website: http://www.suares.nl * http://www.qwikzite.nl