I did not mean to  hijack anybody's subject, my questions are different
to the previous ones but I made the mistake of not checking the list first
to find out if the subject was already used.

My questions are.  How to allow one dn to put a single entry under the
root tree of the ldap directory without using the rootdn user; and the
second question is if there is any way to sumarize all attributes that
belong to a schema; e.g.
	by dn=something write



Read up on objectclasses. You can say access to something attr=<objectclass>. That allows access to every attribute in an objectClass. If all the samba attributes belong to samba objectclass(es), then you can just use those.


