[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ACL
At 09:02 AM 3/4/00 +0100, Pierangelo Masarati wrote:
>It is not clear to me how can I allow some dn to add children
>entries to a parent entry, say
>
>cn=child,cn=parent,o=My Org.,c=IT
>
>without giving that dn write permission on all the parent
>entry attributes.
You can do this by only granting permission to the parent's
"children" psuedo attribute.
access to "cn=parent,o=My Org.,c=IT" attr=children
by dn="cn=adder,o=My Org.,c=IT" write
access to "cn=child,cn=parent,o=My Org.,c=IT"
by dn="cn=adder,o=My Org.,c=IT" write
This grants "cn=adder,o=My Org.,c=IT" access to add, modrdn,
delete the child to/from the parent and to write the children
themselves. If you wanted to allow adder write access to
all children, you could replace the second ACL with:
access to ".*,cn=parent,o=My Org.,c=IT"
by dn="cn=adder,o=My Org.,c=IT" write
- References:
- ACL
- From: Pierangelo Masarati <pmasarati@bci.it>