
ACL for only creating entry



Hello, all. I'm trying to get a script ( http://phpldapadmin.sf.net ) to
act as a public registration interface to my LDAP directory. It will allow
the public to create an account for themselves without needing admin
action. However, I'm having trouble setting up ACLs to grant this sort of
access.

I'm trying to give the script (binding under the dn of
"uid=webregister,ou=services,dc=theoretic,dc=com" with a password I won't
specify here) permission to create new entries (users with userPassword
attributes and all) directly under the dn of
"ou=users,dc=theoretic,dc=com", but not anything else (such as delete any
entries or modify any entries, perhaps not even read any entries, even the
ones it creates if possible).

I've messed with different ACL configurations for the past 3 hours, but no
success. I can either give it full write access to all entries or no write
access at all (forbidding it from creating entries under "ou=users...").
Any suggestions on ACLs I can use? Thanks.