How do I allow a user to write to all entries below theirs?
For a setup where a user can write to their own entry and to all entries below it:

From 2.2 on:

        access to dn.regex="(.+,)?(uid=[^,]+,o=Company)$"
                by dn.exact,expand="$2" write
                by anonymous auth

(Almost) all versions:

        access to dn.regex="(.+,)?(uid=[^,]+,o=Company)$"
                by dn.regex="$2" write
                by anonymous auth
[The 2.2 version saves one (unnecessary) regcomp(3)/regexec(3)/regfree(3)].
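
The two forms also differ in what they accept: with `dn.exact,expand` the expanded `$2` is compared as a whole DN, while with `dn.regex` it is compiled as a regular expression that is not anchored, so it matches any bound DN that contains it. The Python model below is an added example, not OpenLDAP code or part of the original answer; the sample DNs are constructed, the helper names (`owner_of`, `grants_write`, `compare`) are hypothetical, and DN normalization is approximated by case-insensitive comparison.

```python
import re

# The <what> pattern from the page; $2 is the owning uid=...,o=Company entry.
TARGET_RE = re.compile(r"(.+,)?(uid=[^,]+,o=Company)$", re.IGNORECASE)

def owner_of(target_dn):
    """Return the $2 capture for target_dn, or None if the rule does not apply."""
    m = TARGET_RE.search(target_dn)
    return m.group(2) if m else None

def grants_write(target_dn, bind_dn, style):
    """Model the 'write' <who> clause for one of the two forms on the page.

    style="exact,expand": $2 is substituted, then compared as a whole DN.
    style="regex":        $2 is substituted, then used as an unanchored regex.
    """
    owner = owner_of(target_dn)
    if owner is None or not bind_dn:      # rule not applicable, or anonymous
        return False
    if style == "exact,expand":
        return bind_dn.lower() == owner.lower()
    if style == "regex":
        return re.search(owner, bind_dn, re.IGNORECASE) is not None
    raise ValueError(f"unknown style: {style}")

# Constructed sample DNs (assumptions, not from the page): (target, bound DN)
CASES = [
    ("cn=addr1,uid=j.doe,o=Company", "uid=j.doe,o=Company"),  # owner, child
    ("uid=j.doe,o=Company", "uid=j.doe,o=Company"),           # owner, self
    ("cn=addr1,uid=j.doe,o=Company", "uid=other,o=Company"),  # unrelated user
    ("uid=j.doe,o=Company", "uid=svc,uid=j.doe,o=Company"),   # DN below owner
    ("uid=j.doe,o=Company", "uid=jxdoe,o=Company"),           # '.' is a wildcard
    ("ou=People,o=Company", "uid=j.doe,o=Company"),           # rule not applicable
]

def compare():
    """Return (target, bind_dn, exact_expand_result, regex_result) per case."""
    return [(t, b, grants_write(t, b, "exact,expand"), grants_write(t, b, "regex"))
            for t, b in CASES]

if __name__ == "__main__":
    for t, b, exact, regex in compare():
        print(f"{b!r:34} -> {t!r:34} exact,expand={exact!s:5} regex={regex}")
```

The fourth and fifth cases are the ones to check when auditing a pre-2.2 style rule: the regex form grants write there and the `exact,expand` form does not.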
This document is: http://www.openldap.org/faq/index.cgi?file=653
© Copyright 1998-2013, OpenLDAP Foundation, info@OpenLDAP.org