[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Implementation advice

John Blakeley wrote:

> Hi
> So far, I have a 3-branch ldap tree, ou=People, ou=Groups (which
> contains "Admin") and ou=DataDef.
> I need users to add/edit/delete their own 'DataDef' entries, but not see
> anyone else's, unless they are 'Admin'.
> Is there anyway to implement this, assuming I implement an attribute that
> contains the users dn in the 'DataDef'. An example acl would be greatly
> appreciated.

access to dn="[^,]+,ou=DataDef,<your suffix>"
    by dnattr=owner write
    by dn.exact="cn=Admin,ou=Groups,<your suffix>" read
    by * none

the entries with dn="([^,]+),ou=DataDef,<your suffix>"
must have a "owner" attribute which must be set to the
dn of the person that is allowed to modify them.

I hope this is what you mean.


Dr. Pierangelo Masarati    mailto:ando@sys-net.it
Developer, SysNet s.n.c.   http://www.sys-net.it