Re: question about how to enforce directory tree structure

james liang writes:


I am new to LDAP. I am trying to build an application around openldap. I have a question about how to enforce the directory structure (not the structure of the entry). From my reading about ldap, I am under the impression that ldap treats the directory separately from the entries that are stored in the nodes of the directory. One can use objectclass to control what is stored in an entry. However, how does one control the directory tree structure itself? I want to limit the kind of directory tree structure a client can create in the ldap server. Pre-creating the directory will not work since I need to allow the client to create sub branches of arbitrary depth as long as those sub branches meet my spec.

You can do it by playing with the entry/children meta-attributes in ACLs.
Read the documentation about how to give specific write permissions
for "entry" (which means permission to create a specific DN) and
"children" (which means permission to append an entry as a branch of a
given DN).
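
An slapd.conf sketch of the entry/children approach described in the reply above, added here as an illustration (it is not from the original thread). The suffix, the ou=projects base, the builders group and the choice of organizationalUnit as the branch type and device as the leaf type are all assumptions.

```conf
# Constructed example: all DNs and the group name are placeholders.
# slapd applies the first "access to" clause whose target matches,
# so the order of the clauses below matters.

# Branch nodes. organizationalUnit entries may be created at any depth
# below ou=projects. No attrs= list is given, so the clause covers the
# "entry" and "children" pseudo-attributes as well as ordinary attributes:
# builders can create an OU ("entry") and hang entries under it ("children").
access to dn.subtree="ou=projects,dc=example,dc=com"
        filter="(objectClass=organizationalUnit)"
    by group.exact="cn=builders,ou=groups,dc=example,dc=com" write
    by * read

# Leaf nodes, part 1. "children" of a device entry is read-only for
# everyone, so nothing can be appended beneath a device.
access to dn.subtree="ou=projects,dc=example,dc=com"
        filter="(objectClass=device)"
        attrs=children
    by * read

# Leaf nodes, part 2. Builders may still create and edit the device
# entry itself ("entry" plus its ordinary attributes).
access to dn.subtree="ou=projects,dc=example,dc=com"
        filter="(objectClass=device)"
    by group.exact="cn=builders,ou=groups,dc=example,dc=com" write
    by * read

# Anything else in the subtree: no write on "entry", so an entry of any
# other type cannot be created here, and no write on "children", so
# nothing can be added under such an entry.
access to dn.subtree="ou=projects,dc=example,dc=com"
    by * read
```

With these clauses an add succeeds only when the new entry is an OU or a device and its parent is an OU, which gives arbitrary depth with a fixed shape. Confirm the behaviour on your slapd version by attempting adds as a member of the group before relying on it.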

