[Fwd: user owned contacts]

[Jeremy Kuhnash <lists@planetzed.net>]

Question: How can I setup 'predictably' named nodes to only be writable

by a corresponding attribute, like uid, in the access control of the 
ldap.conf ?

Long winded explanation as to why:
I have been thinking about setting up an LDAP tree node that would allow 
users to Create/Remove/Update contacts, and obviously _just_ their 
contacts, but query all of them easily with the correct filter.

My current tree is ou=users,dc=example,dc=com and had thought about 
creating ou=contacts,dc=example,dc=com  with another ou node that 
represented the userid. For instance:

If created the user -
uid=jdoe,ou=users,dc=example,dc=com
then could also create -
ou=jdoe,ou=contacts,dc=example,dc=com

Where only jdoe (and the manager/admin account of course) could write to 
the joe,contacts node.

This is mostly so that I can setup search web apps to point to 
ou=contacts,dc=example,dc=com and do SUBTREE queries in a web lookup for 
CRM, or on jdoe's individual email client to include 
userid=jdoe,ou=contacts,dc=example,dc=com (as well as the expected 
ou=users,dc=example,dc=com) for their address book lookups, etc. 
Basically trying to seperate 'external' contacts from the address book 
for the email client but still have the ability for users to share and 
reference them in the directory.

I was reading 
http://www.openldap.org/doc/admin/slapdconfig.html#Access%20Control
but really couldn't find an example of what I was looking for...

Any recommendations (or past experience doing similar) would be greatly 
appreciated.

Thanks,
Jeremy Kuhnash