Write access for users to their children
I would value the advice of the list on developing the correct access
control statement that would allow a user to write to their own entry
and to any entry beneath them in the tree. I have tried the method in
the FAQ at http://www.openldap.org/faq/data/cache/653.html but can't
get it to produce the right outcome.
Specifically:

  root domain   dc=medicine,dc=net,dc=au
  level one     ou=Hospital One, ou=Northern GPs ... (about 30 organisations)
  level two     ou=Emergency & ou=Surgery ... ou=High St Clinic & ou=Family Med Centre ...
  level three   cn=Mark Green, cn=Victor Chang, cn=Marcus Welby, cn=Dr Jekyl
I'd like someone who has a bind as Hospital One to be able to add and
edit departments (level two) and their doctors (level three), and
someone with a bind as Emergency to be able to add and edit doctors
within that department.
I have tried combinations of this ACL without success and would
appreciate some advice. Thanks.
# Passwords: the owner may change its own, everyone else may only bind with it.
access to attrs=userPassword
        by self write
        by * auth

# Entries below a level-one ou: $2 is the ou directly above the suffix,
# i.e. the level-one organisation. (Note the suffix here is dc=org,
# while the tree above uses dc=net.)
access to dn.regex="(.+),?(ou=[^,]+,dc=medicine,dc=org,dc=au)$"
        by dn.exact,expand="$2" write
        by anonymous auth

# Everything else: own entry writable, readable by all.
access to *
        by self write
        by * read
Tony Lembke
tony@lemlink.com.au
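One way to express the policy described in the post above (an organisation edits its departments and their doctors, a department edits its doctors, everyone edits their own entry) in slapd.conf ACL syntax. This is an added example, not code from the original post or from the OpenLDAP FAQ. It assumes the suffix is dc=medicine,dc=net,dc=au as in the tree above (the posted regex used dc=org), that the tree has exactly the three levels described (organisation ou, department ou, person cn), and an OpenLDAP release that supports the `expand` modifier and the `children` pseudo-attribute.

```conf
# Added example (not from the original post). Assumed tree:
#   dc=medicine,dc=net,dc=au                  suffix (assumed, per the tree in the post)
#     ou=<organisation>                       level one, binds as e.g. ou=Hospital One,dc=medicine,dc=net,dc=au
#       ou=<department>                       level two, binds as e.g. ou=Emergency,ou=Hospital One,dc=medicine,dc=net,dc=au
#         cn=<person>                         level three

# Passwords: the entry owner may change its own, everyone else may only
# use it to bind. Listed first so it takes precedence over the rules below.
access to attrs=userPassword
        by self write
        by * auth

# Every entry at level two or below. The regex captures two ancestors:
#   $3 = the level-one organisation (ou=X,dc=medicine,dc=net,dc=au)
#   $2 = the level-two department   (ou=Y,ou=X,dc=medicine,dc=net,dc=au)
# Group 1 is whatever sits above those: empty for a department entry,
# "cn=Mark Green," for a doctor, so one rule covers both levels.
# Adding an entry needs write access to the parent's "children"
# pseudo-attribute; this rule has no attrs= restriction, so it covers
# that too (a department adding a doctor is checked against $2).
access to dn.regex="^(.+,)?(ou=[^,]+,(ou=[^,]+,dc=medicine,dc=net,dc=au))$"
        by self write
        by dn.exact,expand="$3" write
        by dn.exact,expand="$2" write
        by * read

# Level-one organisation entries and everything else. An organisation
# adding a department is checked against its own entry's "children"
# pseudo-attribute, which "by self write" grants.
access to *
        by self write
        by * read
```

The second rule ends with `by * read` rather than `by anonymous auth` because slapd evaluates only the first `access to` directive whose target matches, and if none of its `by` clauses match the requester the access is denied; without the trailing `by * read`, any authenticated user who is not an ancestor of the entry would be unable to read it even though the catch-all rule says `by * read`. Before loading the file, check each case with the slapacl tool (shipped with OpenLDAP 2.3 and later), for example `slapacl -f slapd.conf -D "ou=Emergency,ou=Hospital One,dc=medicine,dc=net,dc=au" -b "cn=Mark Green,ou=Emergency,ou=Hospital One,dc=medicine,dc=net,dc=au" entry/write`, and the same for the `children` attribute of the parent when testing adds.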