[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: simple ACL requirement, grant access to modify myself and my sub entries, not sure how to do it

Hopefully someone will correct me if I'm wrong but as far as I'm aware
you cannot log in as an ou object.

I'd has setup and admin user for dn: ou=Support,o=Real Softservice eg:

cn=admin,ou=Support,o=Real Softservice

then create an ACL like

access to dn.base="ou=Support,o=Real Softservice"
    by dn.exact="cn=admin,ou=Support,o=Real Softservice" write
    by * read

So when you login as cn=admin,ou=Support,o=Real Softservice you will
have access create / edit the full tree under ou=Support,o=Real


On 09/05/07, Zhang Weiwu <zhangweiwu@realss.com> wrote:
Dear all. In my installation it's required if someone logs in, he can
modify his own entry and can modify & delete & create entries of his own
entry, e.g.

login as: dn: ou=Support,o=Real Softservice

Then I should be able to modify & delete & create:

dn: cn=Wang Penghui,ou=Suport,o=Real Softservice

dn: cn=Zhang Weiwu,ou=Suport,o=Real Softservice

dn: cn=Wolfgang Scheuing,ou=Suport,o=Real Softservice

Looks like a simple requirement. Anyway I dug into ACL manual for days
without a clue (maybe also because of my bad English). Can anyone
provide a hint and simplified example? Thanks a lot in advance!

Zhang Weiwu
Real Softservice
+86 592 2091112