Re: Implementation advice
John Blakeley wrote:
> So far, I have a 3-branch ldap tree, ou=People, ou=Groups (which
> contains "Admin") and ou=DataDef.
> I need users to add/edit/delete their own 'DataDef' entries, but not see
> anyone else's, unless they are 'Admin'.
> Is there any way to implement this, assuming I implement an attribute that
> contains the user's dn in the 'DataDef'. An example acl would be greatly

access to dn.regex="[^,]+,ou=DataDef,<your suffix>"
        by dnattr=owner write
        by dn.exact="cn=Admin,ou=Groups,<your suffix>" read
        by * none

The entries with dn="([^,]+),ou=DataDef,<your suffix>"
must have an "owner" attribute, which must be set to the
dn of the person that is allowed to modify them.

I hope this is what you mean.
Dr. Pierangelo Masarati mailto:firstname.lastname@example.org
Developer, SysNet s.n.c. http://www.sys-net.it
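
Added example (not part of the original message or of OpenLDAP): a small Python model of how the access clause above is evaluated, with the first matching "by" line deciding the level. The suffix dc=example,dc=com, the sample DNs, the simplified DN normalisation, the unanchored regex search and the helper names are assumptions made for illustration.

```python
import re

SUFFIX = "dc=example,dc=com"  # constructed stand-in for <your suffix>
ADMIN_DN = "cn=Admin,ou=Groups," + SUFFIX
# Same pattern as the "access to" line, modelled as an unanchored search
# (assumption of this sketch).
TARGET = re.compile(r"[^,]+,ou=DataDef," + re.escape(SUFFIX), re.I)
# slapd access levels, lowest first; each level implies the ones before it.
LEVELS = ["none", "disclose", "auth", "compare", "search", "read", "write"]

def norm(dn):
    """Simplified DN normalisation: lower-case, no spaces around commas."""
    return ",".join(part.strip() for part in dn.lower().split(","))

def granted(bind_dn, entry_dn, attrs):
    """Level this clause gives bind_dn on the entry; None if the
    "access to" pattern does not select the entry at all."""
    if not TARGET.search(norm(entry_dn)):
        return None
    who = norm(bind_dn)
    # by dnattr=owner write: bind DN must be a value of the entry's owner.
    if who in {norm(v) for v in attrs.get("owner", [])}:
        return "write"
    # by dn.exact=... read: compares the bind DN itself, no group lookup.
    if who == norm(ADMIN_DN):
        return "read"
    return "none"  # by * none

def allows(bind_dn, entry_dn, attrs, wanted):
    level = granted(bind_dn, entry_dn, attrs)
    return level is not None and LEVELS.index(level) >= LEVELS.index(wanted)

# Constructed sample data.
ALICE = "uid=alice,ou=People," + SUFFIX
BOB = "uid=bob,ou=People," + SUFFIX
OWNED = ("cn=report1,ou=DataDef," + SUFFIX, {"owner": [ALICE]})
ORPHAN = ("cn=report2,ou=DataDef," + SUFFIX, {})  # no owner attribute

if __name__ == "__main__":
    for who in (ALICE, BOB, ADMIN_DN):
        for dn, attrs in (OWNED, ORPHAN):
            print(who, "->", dn, ":", granted(who, dn, attrs))
    # The container itself is not selected by the pattern.
    print(granted(ALICE, "ou=DataDef," + SUFFIX, {}))
```

The model shows two things to check when deploying the clause: an entry without an owner value is writable by nobody under it, and ou=DataDef itself is not selected by the pattern, so access to the container is decided by other access clauses.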