
controlling ACL's with dn's contained in attributes?


I am struggling to find a good "ACL Cookbook" site; if anyone knows of
one, please post to the list. I think it could help a lot of people. In
the absence of that, my question is as follows:

I would like to utilize the filter= ACL in order to maintain a structure
as flat as possible.  I intend to create a custom schema to create an
attribute for our customers called salesMan which would contain a dn
similar to the manager attribute. I'd like to know if it's possible to
create an ACL where the salesman has the ability to write to dn or the
manager of the salesman as defined in the salesman's Manager attribute
has the write ability. I can always wrap this all in application layer
bits but it would be nice to make use of OpenLDAP's native ACLs to
manage this. Anyone have any pointers?


Jayson D. Henkel
Systems Manager

(Tel:  +1 (780) 440-4434)
(Fax:  +1 (780) 440-1951)
(Cell: +1 (780) 886-8941)
(E-Mail: jhenkel@sterlingcrane.ca)

Sterling Crane
P.O. Box 8610. Station South
Edmonton, Alberta
Canada. T6E 6R2
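
The setup asked about above, sketched as an added slapd.conf example that is not part of the original post: `dnattr` covers the salesman named in the entry, and a `set` expression follows salesMan to that person's manager attribute. Assumptions: the OID arc 1.3.6.1.4.1.99999 is a placeholder, the `customerAccount` class is hypothetical, and the `by users read` / `by * none` clauses are illustrative defaults.

```conf
# --- Schema (slapd.conf syntax) ---------------------------------------
# Placeholder OIDs: replace 1.3.6.1.4.1.99999 with your own enterprise arc.
# salesMan inherits DN syntax and matching from distinguishedName, so it
# can be used with dnattr= and dereferenced inside set= expressions.
attributetype ( 1.3.6.1.4.1.99999.1.1 NAME 'salesMan'
    DESC 'DN of the sales person responsible for this customer'
    SUP distinguishedName )

# Hypothetical auxiliary class used only to mark customer entries so the
# ACL can select them with filter= regardless of where they sit in the tree.
objectclass ( 1.3.6.1.4.1.99999.2.1 NAME 'customerAccount'
    DESC 'Marks an entry as a customer record'
    SUP top AUXILIARY
    MAY salesMan )

# --- Access control ---------------------------------------------------
# Clauses are evaluated in order; the first matching "by" wins.
access to filter=(objectClass=customerAccount)
    # 1. The bound DN is listed in this entry's salesMan attribute.
    by dnattr=salesMan write
    # 2. The bound DN is the manager of the entry named in salesMan:
    #    this/salesMan          -> DN(s) stored in the customer entry
    #    this/salesMan/manager  -> manager DN(s) of those entries
    #    "& user"               -> intersect with the authenticated DN
    by set="this/salesMan/manager & user" write
    # 3. Assumed defaults: other authenticated users read, anonymous none.
    by users read
    by * none
```

Place this rule ahead of any broader `access to *` rule, since slapd stops at the first `access to` clause that matches the target entry.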