
allow a user to create some objects under his entry


Just in case it would help somebody, here are my ACL rules to allow a user to create entries of a given objectClass under himself:

access to attrs="children" by self write

access to filter="objectclass=myGivenObjectClass" dn.regex="([^,]+)=([^,]+),([^,]+)=([^,]+),(.*)"
by dn.regex="$3=$4,$5" write

So any authenticated user can create entries of class 'myGivenObjectClass' just under his own entry.
Since I don't use 'cn' or 'uid' in it, this acl works even if the attribute used for the RDN is modified, for example if you use cn=francois,ou=... to name the users, or uid=francois,ou=...

It seems to work; tell me if you see a mistake or a possible improvement.
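
A small Python model of the rule above, added here as an example and not part of the original post: it expands `$3=$4,$5` from the matched entry DN and tests bind DNs against the result. It assumes the rest of the DN is captured as a fifth group so that `$5` has a value, treats both patterns as unanchored regex searches, and the `anchored` switch, function names and all DNs are constructed for illustration.

```python
import re

# "what" pattern from the post, with the remainder of the DN captured as a
# fifth group (assumption of this example) so that $5 has a value.
WHAT = r"([^,]+)=([^,]+),([^,]+)=([^,]+),(.*)"
WHO = "$3=$4,$5"


def expand(template, match):
    """Substitute $1..$9 with the groups captured from the entry DN."""
    def group(ref):
        n = int(ref.group(1))
        return (match.group(n) or "") if n <= match.re.groups else ""
    return re.sub(r"\$(\d)", group, template)


def may_write(entry_dn, bind_dn, anchored=False):
    """True if bind_dn satisfies the expanded "by" pattern for entry_dn."""
    m = re.search(WHAT, entry_dn)
    if m is None:
        return False
    who = expand(WHO, m)
    if anchored:  # model of a "by" pattern pinned to the whole bind DN
        who = "^" + who + "$"
    return re.search(who, bind_dn) is not None


# Constructed sample DNs.
BASE = "ou=people,dc=example,dc=com"
OWNER = "uid=francois," + BASE
ENTRY = "cn=obj1," + OWNER

if __name__ == "__main__":
    for bind in (OWNER, "uid=alice," + BASE, "cn=obj2," + OWNER):
        print(bind, may_write(ENTRY, bind), may_write(ENTRY, bind, anchored=True))
    # Only direct children are covered: a grandchild expands to a different DN.
    print(may_write("cn=a,cn=b," + OWNER, OWNER))
```

In this model the unanchored pattern also accepts a bind DN that merely ends with the owner's DN (the third sample), while the anchored variant accepts only the owner.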