[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access rights/adding new people

On Wed, 13 Sep 2000, Janni Fikouras wrote:

>   I am currently developing a Kontakt/personel management software based on
> LDAP and I have run across the following problem.


> defaultaccess   read
> access to * by self write
> access to attribute=userPassword
>         by dn="uid=root,o=BIBA,c=DE" write
>         by self write
>         by dn="^$" none
>         by * none
> access to * by dn="uid=root,o=BIBA,c=DE" write
> access to dn=".*,ou=PPC,o=BIBA,c=DE"
>         by dnattr=ou write
> access to dn=".*,ou=.*,o=BIBA,c=DE"
>         by dnattr=manager write
> access to dn=".*,ou=Roaming,o=BIBA,c=DE"
>         by dnattr=owner write
>   My problem is that this config does not allow users to add *new* entries
> i.e. a secretary adding a new contact.

To do this you must have write access to the 'container'. For example:

access to dn="ou=.*,o=BIBA,c=DE"
	by dnattr=manager write

So the manager can add/remove entries to their own organizational unit.


PS: I could be wrong here but this is how it's done with NDS as I recall
from the time I took my CNE4 exam. (Some while ago ;-)

Hugo van der Kooij; Oranje Nassaustraat 16; 3155 VJ  Maasland
hvdkooij@caiw.nl	http://home.kabelfoon.nl/~hvdkooij/
Quoting this tagline is illegal! (http://www.dtcc.edu/cs/rfc1855.html)