[Date Prev][Date Next] [Chronological] [Thread] [Top]

access control to subtree

To: openldap-software@OpenLDAP.org
Subject: access control to subtree
From: valentyn+openldap@nospam.openoffice.nl
Date: Wed, 20 Feb 2002 09:41:00 +0100
Content-disposition: inline
User-agent: Mutt/1.2.5i

Hello all,

I am trying to give people control over their own entry in the LDAP
database, plus all entries below. I have:

The users hang out in ou=people,dc=openoffice,dc=nl and I would like to give
them control in their own "subtree, like this:

My own DN: uid=valentyn,ou=people,dc=openoffice,dc=nl

Mum: cn=mummy,uid=valentyn,ou=people,dc=openoffice,dc=nl
Grandma: cn=grandma,uid=valentyn,.....

This is to let people put a personal address book in the ldap server.

However, access controls like
access to dn.subtree="uid=.*,ou=People,dc=openoffice,dc=nl"
        by self write

access to dn=".*,(uid=.*,ou=people,dc=openoffice,dc=nl)"
        by dn="$1" write

or other carefully crafted stuff seems not to work.

Is there a way to do this in OpenLDAP (and can this be done without using
the experimental ACL-in-LDAP features)?

If you think this is not a useable scheme, then please tell me so :)

Best regards,

Valentijn
p.s. the From address works. Yes it does.

Prev by Date: Antwort: RE: password change takes 20 seconds
Next by Date: replication question; start_tls
Index(es):
- Chronological
- Thread