[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL : access to subtree of any entry of a given objectclass

To: "Openldap-Software" <openldap-software@OpenLDAP.org>
Subject: ACL : access to subtree of any entry of a given objectclass
From: François Beretti <francois.beretti@enatel.com>
Date: Mon, 23 Jun 2003 10:36:35 +0200
Importance: Normal

Hello all

I would like to give write access, for any entry of a given objectclass, to
all its subtree

for example :
dc=enatel,dc=local
  ou=users
    uid=francois
      cn=account1
      cn=account2
  ou=clients
    ou=company1
      uid=smith
        cn=account1
        cn=account2

uid=francois,... and uid=smith,... are entries of a given objectclass,
inetOrgPerson for example
I would like to give them write access to all their subtree, without having
to specify their location in the DIT (which OU...)
I think it is possible with aci support, but is it possible with the
directives in slapd.conf ?

I have read the FAQ at http://www.openldap.org/faq/data/cache/653.html, but
it doesn't satisfy me (ok, I can deal with it if there is no way to do what
I want)

thanks

Francois

Prev by Date: Problem with replication
Next by Date: ldap_add_s: Object class violation when I add an alias entry into ldap server.
Index(es):
- Chronological
- Thread