[Date Prev][Date Next] [Chronological] [Thread] [Top]

allow a user create some objects under his entry

To: openldap-software@OpenLDAP.org
Subject: allow a user create some objects under his entry
From: François Beretti <francois.beretti@enatel.com>
Date: Fri, 02 Jul 2004 15:11:16 +0200
Organization: Enatel
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.6b) Gecko/20031205 Thunderbird/0.4

Hi,

Just in case it would help somebody, here are my acl rules to allow a user to create entries of a given objectClass under himself :

access to attrs="children" by self write

access to filter="objectclass=myGivenObjectClass" dn.regex="([^,]+)=([^,]+),([^,]+)=([^,]+),.*" by dn.regex="$3=$4,$5" write

So any authentified user can create entries of class 'myGivenObjectClass' just under its entry. Since I don't use 'cn' or 'uid' in it, this acl works even if the attribute used for the RDN is modified, for example if you use cn=francois,ou=... to name the users, or uid=francois,ou=...

It seems to work, tell me if you see a mistake or a possible improvement.

François

Prev by Date: Re: setting up time- & sizelimit
Next by Date: Re: Showing ALL attribute values && ACI's (ITS#3215)
Index(es):
- Chronological
- Thread