[Date Prev][Date Next] [Chronological] [Thread] [Top]

OpenLDAP create children only

To: openldap-technical@openldap.org
Subject: OpenLDAP create children only
From: Derek Yarnell <derek@umiacs.umd.edu>
Date: Sat, 27 Aug 2011 00:18:39 -0400
Cc: derek@umiacs.umd.edu
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:6.0) Gecko/20110729 Thunderbird/6.0

Hi,

I would like to give a set of users the ability to create objects in the
directory under a specific dn.  It seems by reading the Admin Manual
(specifically the bottom of 8.3.1) that setting the children attribute I
can create correctly.  I do not wish that they can remove the DN after
they have added. So I can't just give them write access to the DN or
that will give them the ability to delete.  Am I missing something or is
this just not possible with the current ACL structure.

Eg.

olcAccess: {9} to dn="ou=groups,dc=example,dc=com" attrs=children by
dn.children="ou=people,dc=example,dc=com" write

So I would like to add a group,

  cn=foo,ou=groups,dc=example,dc=com

but not allow someone in ou=people,dc=example,dc=com to delete the DN
after it is created.

Thanks,
derek

-- 
---
Derek T. Yarnell
University of Maryland
Institute for Advanced Computer Studies

Follow-Ups:
- Re: OpenLDAP create children only
  - From: masarati@aero.polimi.it

Prev by Date: Re: Need sample OpenLDAP client test program connecting to LDAP server over SSL
Next by Date: Re: OpenLDAP create children only
Index(es):
- Chronological
- Thread