allow a user create some objects under his entry
- To: openldap-software@OpenLDAP.org
- Subject: allow a user create some objects under his entry
- From: François Beretti <francois.beretti@enatel.com>
- Date: Fri, 02 Jul 2004 15:11:16 +0200
- Organization: Enatel
- User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.6b) Gecko/20031205 Thunderbird/0.4
Hi,
Just in case it would help somebody, here are my ACL rules to allow a
user to create entries of a given objectClass under himself:

access to attrs="children"
    by self write

# Group 5 captures the rest of the DN so that $5 is defined in the by clause.
access to filter="objectclass=myGivenObjectClass"
    dn.regex="([^,]+)=([^,]+),([^,]+)=([^,]+),(.*)"
    by dn.regex="$3=$4,$5" write

So any authenticated user can create entries of class
'myGivenObjectClass' just under their own entry.
Since I don't use 'cn' or 'uid' in it, this ACL works even if the
attribute used for the RDN is modified, for example if you use
cn=francois,ou=... to name the users, or uid=francois,ou=...
It seems to work; tell me if you see a mistake or a possible improvement.
François
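
The following is an added example, not part of the original post: a small Python model of how the second rule derives the parent DN from the new entry's DN and compares it with the bind DN. It assumes unanchored regex matching in the by clause, uses constructed dc=example,dc=com DNs, and ignores slapd's DN normalization; the function names are hypothetical.

```python
import re

# Target pattern from the rule above; group 5 is the rest of the DN.
TARGET_RE = re.compile(r"([^,]+)=([^,]+),([^,]+)=([^,]+),(.*)")
BY_TEMPLATE = "$3=$4,$5"
WANTED_CLASS = "myGivenObjectClass"


def expand_by_pattern(entry_dn, template=BY_TEMPLATE):
    """Substitute $1..$9 in the by clause with groups captured from the target DN."""
    m = TARGET_RE.search(entry_dn)
    if m is None:
        return None  # fewer than three RDNs: the rule does not apply
    return re.sub(r"\$(\d)", lambda d: m.group(int(d.group(1))), template)


def may_write(bind_dn, entry_dn, object_classes, anchored=False):
    """Model of the second rule: filter check, then by-clause match on the bind DN."""
    if WANTED_CLASS.lower() not in (c.lower() for c in object_classes):
        return False
    parent = expand_by_pattern(entry_dn)
    if parent is None:
        return False
    if anchored:
        # Hardened variant: the bind DN must equal the parent DN exactly.
        return bind_dn == parent
    # As posted: the expanded string is used as an unanchored regex, so any
    # bind DN that merely contains the parent DN also matches.
    return re.search(parent, bind_dn) is not None


if __name__ == "__main__":
    # Constructed sample DNs, not taken from the post.
    owner = "cn=francois,ou=people,dc=example,dc=com"
    entry = "cn=note1," + owner
    child = "cn=note0," + owner  # an entry located under the owner
    other = "cn=alice,ou=people,dc=example,dc=com"
    for who in (owner, other, child):
        print(who,
              may_write(who, entry, [WANTED_CLASS]),
              may_write(who, entry, [WANTED_CLASS], anchored=True))
```

The third line of output shows the difference: with unanchored matching, an identity whose DN lies below the user's entry also satisfies the by clause. In slapd, the exact comparison modelled by `anchored=True` corresponds to writing the by clause as `by dn.exact,expand="$3=$4,$5" write` on versions that support the `expand` modifier.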