[Date Prev][Date Next] [Chronological] [Thread] [Top]

Fwd: Re: Return question (was: Re: Access-problem )

To: openldap <openldap-software@OpenLDAP.org>
Subject: Fwd: Re: Return question (was: Re: Access-problem )
From: M.vanDorp@wiwo.nl
Date: Wed, 19 Jun 2002 13:54:53 +0200 (CEST)


Hi All,

I read all about ACL's, but apparently I'm overlooking something.

I've got:
access to dn=".*,ou=domains,dc=wiwo,dc=nl"
        by dnattr=owner write
        by dn="uid=dnsmanager,ou=roles,dc=wiwo,dc=nl" read

Which does exactly what I expect.

I have an 'owner' attribute in this entry, and the owner can access the
entry.

The entry has child-entries (the actual DNS-records), and I need to fill
those entries with the 'owner' attribute too, if I want to be able to
modify them (if I'm the owner, of course).

Is there a way the children 'inherits' the rights from their parent,
with some fancy 'by' clause.

If it was valid, I would use: by dnattr=parent.owner write

There is no relation to the dn and the owner.

Is there a way to accomplish this in a simple manner?

TIA,

Marcel

Follow-Ups:
- Re: Fwd: Re: Return question (was: Re: Access-problem )
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: account disactivation
Next by Date: ldif export and replication
Index(es):
- Chronological
- Thread