Newbie ACL question
Hi,
I want to set up an addressbook in openLDAP 2.0.7 that will allow
users to add/delete/read only the entries that they've created. I want to
use the inetOrgPerson object as the addressbook entries. I already have
the users added to the LDAP server and they're able to edit their own
entries (edit phone numbers, change passwords, etc.).
What I would like to do is set up an entry like
ou=AddressBook,dc=company,dc=com. I then want users to be able to have
exclusive read/write access to any .*,ou=AddressBook,dc=company,dc=com
entries they create.
I've altered/extended the inetOrgPerson object to include the
owner attribute where I want owner to equal the dn of the user creating
the entry.
I've attempted the following ACL:
access to dn=".*,ou=AddressBook,dc=company,dc=com"
by dnattr=owner selfwrite
by dn="cn=admin,dc=company,dc=com" write
by * none
When I attempted to add an entry as a user through ldapadd, I received the
following error:
ldap_add: Insufficient access
additional info: no write access to parent
I've read the OpenLDAP 2.0 Admin guide and read through the ACL section of
the FAQ-O-Matic. However, I'm still at a loss. Can anyone offer any
insight or perhaps a better online reference for ACLs? Thanks in advance.
--
|Fredrick DeQuan Lee, H.G.I.C.
|http://www.digencp.org
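One way to resolve the "no write access to parent" error, as an added example that is not part of the original post or of OpenLDAP's own documentation: in OpenLDAP 2.0 an add (and a delete) of a child entry is checked against write access on the parent entry, so the user needs a rule for ou=AddressBook itself, not only for the entries beneath it. The fragment below assumes the poster's suffix dc=company,dc=com, the container ou=AddressBook, the extended inetOrgPerson schema with an "owner" attribute holding the creator's DN, and an admin DN of cn=admin,dc=company,dc=com; it belongs in slapd.conf ahead of any broader "access to" rule, because the first "access to" directive whose target matches is the one applied.

```conf
# Added example for slapd.conf (OpenLDAP 2.0); not the original poster's ACL.
# Assumes suffix dc=company,dc=com, container ou=AddressBook, a custom
# "owner" attribute in the address-book entries and an admin DN of
# cn=admin,dc=company,dc=com.

# Rule 1: the parent container. Adding or deleting a child entry requires
# write access to the parent, which is what the reported error is about.
# "users" means any authenticated bind; anonymous binds fall through to none.
# Caveat: this also lets authenticated users modify the attributes of the
# ou=AddressBook entry itself. Later OpenLDAP releases can narrow the grant
# to attr=children; 2.0 has to give write on the whole parent entry.
access to dn="^ou=AddressBook,dc=company,dc=com$"
        by users write
        by * none

# Rule 2: the address-book entries. dnattr=owner matches when the bound DN
# is listed in the entry's owner attribute. "write" (not "selfwrite", which
# only lets a user add or remove its own DN inside that attribute) is what
# permits editing and deleting the entry as a whole.
# dn= patterns are regular expressions in 2.0, so they are anchored here so
# that only DNs ending in this container (and only the exact admin DN) match.
access to dn="^.*,ou=AddressBook,dc=company,dc=com$"
        by dnattr=owner write
        by dn="^cn=admin,dc=company,dc=com$" write
        by * none
```

Two points worth checking after restarting slapd: first, ldapadd as an ordinary user should now succeed, and a subsequent ldapmodify or ldapdelete of that entry should succeed only when bound as the DN named in its owner attribute (or as the admin). Second, because the owner value is supplied by whoever creates the entry, these rules trust users to name themselves; an entry whose owner points at another user, or at no valid DN, becomes editable only by that other user or only by the admin, so it is worth verifying on the client side that owner is set to the binding DN at creation time.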