Re: allow users to add an auxiliary objectClass to their own entry
François Beretti writes:
> I want to allow users to add to their own LDAP entry a given auxiliary
> objectClass. But just this one, I don't want them to add other
> objectClasses. Is this possible?
See 'man slapd.access':
    access to attrs=objectClass val=foobarClass
        by self write
        by * read
(Or replace 'by * read' with 'by * none break' if other access
statements further down should specify if other users have access.)
Note that they can also remove the object class from their entries; I
don't know a way to allow add but not remove.