[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: "children" keyword in the field <what> of an ACL


François Beretti <francois.beretti@enatel.com> writes:

> Thank you for your answer, Edward

> so here is my problem :
> I want to give to each person of my directory (so each entry implementing
> the "person" objectclass) some rights on the entries of their own subtree,
> depending on which objectclass the entry implements
> for exemple, if every user has sub-entries of the class "storage", I want
> the users to have read access on their 'storage' entries
> same for other sub-entries, implementing objectclass "parameter" on which I
> want the user to have write access (but only for their own subtree)
> That doesn't seem to be possible at the moment...

You may want to have a look at access control information (aci). You
could grant permissions to each subentry by defining indiviual access-id's
which could be a users DN. An aci could look like


In this example write access to the attribute userPassword is granted
to the access-id "cn=admanger,o=kluenter". For more info see



Dieter Kluenter  | Systemberatung
Tel:040.64861967 | Fax: 040.64891521
mailto: dkluenter(at)dkluenter.de