On 28.07.2009 at 01:04, Howard Chu wrote:

Hi Howard,

dn: ou=container,o=org,c=de
objectClass: top
objectClass: organizationalUnit
ou: container

and

dn: cn=person,ou=container,o=org,c=de
objectClass: top
objectClass: person
cn: person
sn: jackson

Now I would like to add some kind of ACL to the cn=person (the objectClass "acl" is not real, but it should demonstrate what I need):

dn: cn=person,ou=container,o=org,c=de
objectClass: top
objectClass: person
objectClass: acl
cn: person
sn: jackson
aclAllowByDn: cn=user1,ou=users,o=org,c=de

So if the user "user1" binds successfully, he has the permission to modify the entry. When a new entry is created or an entry is deleted, I also need write access to the parent object in the tree, so I have to expand the ou=container object too in some way to allow the operation.

It should be possible to assign the right to add, modify and delete dynamically to another LDAP object, e.g. a user object.

Thanks a lot
with kind regards
Jens

--
linux systeme thomas
Jens Thomas
Völklinger Straße 9
42285 Wuppertal
Telefon: +49.202.3097507
Mobil: +49.177.9301386
eFax: +49.202.85064329
USt-ID: DE250711901
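The access model requested in the message above, written out as an added example (not part of the original e-mail and not any directory server's own code): modify needs the bind DN listed on the entry, while add and delete also need it listed on the parent. `aclAllowByDn` is the poster's hypothetical attribute; the copy of it on ou=container and all function names are assumptions made for the illustration.

```python
# Constructed sample data: the two entries from the message, with the
# hypothetical aclAllowByDn attribute also placed on the parent container.
LDIF = """\
dn: ou=container,o=org,c=de
objectClass: organizationalUnit
ou: container
aclAllowByDn: cn=user1,ou=users,o=org,c=de

dn: cn=person,ou=container,o=org,c=de
objectClass: person
cn: person
sn: jackson
aclAllowByDn: cn=user1,ou=users,o=org,c=de
"""

def norm_dn(dn):
    # Simplified DN normalisation: lower-case, no spaces around "=" or ",".
    # Assumes no escaped commas and no multi-valued RDNs.
    return ",".join("=".join(p.strip() for p in rdn.split("=", 1)).lower()
                    for rdn in dn.split(","))

def parent_dn(dn):
    # Everything after the first RDN is the parent entry's DN.
    return norm_dn(dn).partition(",")[2]

def parse_ldif(text):
    # Minimal LDIF reader: blank-line separated entries, "name: value" lines
    # only (no base64 "::" values, no line folding).
    tree = {}
    for block in text.strip().split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, _, value = line.partition(":")
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
        tree[norm_dn(attrs["dn"][0])] = attrs
    return tree

def may_write(tree, bind_dn, dn):
    # Default deny: a missing entry or missing attribute grants nothing.
    entry = tree.get(norm_dn(dn))
    if entry is None:
        return False
    return norm_dn(bind_dn) in {norm_dn(v) for v in entry.get("aclallowbydn", [])}

def allowed(tree, bind_dn, op, dn):
    if op == "modify":
        return may_write(tree, bind_dn, dn)
    if op == "delete":   # needs the entry itself and its parent
        return may_write(tree, bind_dn, dn) and may_write(tree, bind_dn, parent_dn(dn))
    if op == "add":      # entry does not exist yet, so only the parent decides
        return norm_dn(dn) not in tree and may_write(tree, bind_dn, parent_dn(dn))
    raise ValueError("unknown operation: " + op)
```

In this model, anyone listed on an entry can also edit that entry's `aclAllowByDn` values and so delegate access further; a real deployment would decide separately who may change that attribute.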