[Date Prev][Date Next]
Adding a new entry vs. adding a new attribute
I have two questions:
I have a DIT tree structured as:
|_____ ou=engineering, dc=mycomapny
|____________uid=joe, ou=engineering, dc=mycompany
|____________uid=jill, ou=engineering, dc=mycompany
I also have a group "cn=manager,dc=mycompany" with member as
I set up my ACL as
access to dn="ou=engineering,dc=mycompany"
by group="cn=manager,dc=mycompany" write
by * none
Now I can add a NEW entry "uid=tom, ou=engineering, dc=mycompany" using
ldapadd by binding as uid=joe....,
but I cannot add a NEW attribute "userpassword" to the existing entry of
I thought by specifying "attrs=children", you get complete access to the
subtree under the specified DN. Apparently, I can only add new, but not
However, if I modify the ACL atts line to
then I can both add and modify.
I would think it not efficient to explicitly specify each attributes I need
to change, especially if new attributes are added in future.
I tried specifying "attrs=children,*", but that did not help.
Will somebody also explain how to use "dnattr" and "attr=entry".
Thanks a lot.