
Re: LDAP - user addressbooks



On Sun, 2003-12-28 at 18:29, Adam Tauno Williams wrote:
> > I have an LDAP authentication system about ready to put online. I am
> > looking at having each user have at least a copy of their addressbook
> > (currently Outlook Contacts) in their own personal addressbook on the
> > LDAP server.
> > I have been googling this and see some promise here. My first question
> > is - if each user has a cn/uid in People:BaseDN it would make sense for
> > me to have the tree located for each user. Is there any reason to create
> > a new tree...AddressBooks:BaseDN? thus stepping out of the People:BaseDN
> > tree?
> 
> It is handy to separate things that are searched for different reasons into
> different ou's.  That way searches don't have to search more than they have to,
> also can make it easier to write ACLs.  But for something like this it could
> go either way.
---
OK - let's say that my posixAccount info is in ou=People,+suffix

I create cn=user,ou=personaldirectories,ou=addressBooks,+suffix

I would like to limit read and write access to this
cn=user,ou=personaldirectories to the user whose password is stored in
cn/uid=user,o=People,+suffix

Obviously I can use ACLs to limit self read/write but how does it
authenticate based upon userPassword in a separate tree? Does it just
automatically know that if
cn=user,ou=personaldirectories,ou=addressbooks,+suffix must authenticate
from finding cn=user,ou=People,+suffix or must an external bit of glue
be applied?

Thanks,

Craig
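
The layout described in this message, written as an access rule. This is an added example, not part of the original post or thread; it assumes OpenLDAP's slapd, uses dc=example,dc=com as a placeholder for "+suffix", and assumes the People entries are named by cn.

```conf
# Added example for slapd.conf (assumes OpenLDAP slapd; dc=example,dc=com is a
# placeholder for "+suffix").
#
# A simple bind as cn=<user>,ou=People,dc=example,dc=com is checked against the
# userPassword on that entry. From then on the connection's identity is that
# bound DN, and each "by" clause below is compared against it, whatever subtree
# the target entry lives in.
#
# Target: the user's address book container and everything beneath it.
#   $1 = optional leading RDNs of an entry inside the address book
#   $2 = <user>, taken from the container's cn
# Who: the People entry with the same cn gets write (which includes read).
access to dn.regex="^(.+,)?cn=([^,]+),ou=personaldirectories,ou=addressbooks,dc=example,dc=com$"
    by dn.exact,expand="cn=$2,ou=People,dc=example,dc=com" write
    by * none
```

slapd applies the first `access to` rule whose target matches, so this rule has to appear before any broader rule that also covers ou=addressbooks.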