
Re: simple ACL requirement, grant access to modify myself and my sub entries, not sure how to do it



Hopefully someone will correct me if I'm wrong but as far as I'm aware
you cannot log in as an ou object.

I'd set up an admin user for dn: ou=Support,o=Real Softservice, e.g.:

cn=admin,ou=Support,o=Real Softservice

then create an ACL like

# dn.subtree covers the ou entry and every entry beneath it
access to dn.subtree="ou=Support,o=Real Softservice"
    by dn.exact="cn=admin,ou=Support,o=Real Softservice" write
    by * read

So when you log in as cn=admin,ou=Support,o=Real Softservice you will
have access to create / edit the full tree under ou=Support,o=Real
Softservice.

Shane.

On 09/05/07, Zhang Weiwu <zhangweiwu@realss.com> wrote:
Dear all. In my installation it's required if someone logs in, he can
modify his own entry and can modify & delete & create entries of his own
entry, e.g.

login as: dn: ou=Support,o=Real Softservice

Then I should be able to modify & delete & create:

dn: cn=Wang Penghui,ou=Support,o=Real Softservice

dn: cn=Zhang Weiwu,ou=Support,o=Real Softservice

dn: cn=Wolfgang Scheuing,ou=Support,o=Real Softservice

Looks like a simple requirement. Anyway I dug into the ACL manual for days
without a clue (maybe also because of my bad English). Can anyone
provide a hint and simplified example? Thanks a lot in advance!

--
Zhang Weiwu
Real Softservice
http://www.realss.com
+86 592 2091112
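
Which entries an `access to dn.<style>=...` clause applies to depends on the scope style. The sketch below is an added example, not part of either message and not slapd's own matching code: it models the base, one, subtree and children styles described in slapd.access(5) and applies them to DNs like those in this thread. The function names and the simplified DN normalization are assumptions.

```python
import re

def rdns(dn):
    """Split a DN into normalized RDNs: trimmed, case-folded, spaces collapsed.
    Splits on unescaped commas only; multi-valued RDNs are not modelled."""
    parts = re.split(r"(?<!\\),", dn)
    return [re.sub(r"\s+", " ", p.strip()).lower() for p in parts if p.strip()]

def depth_below(pattern, target):
    """Levels by which target sits below pattern, or None if it is outside."""
    p, t = rdns(pattern), rdns(target)
    if len(t) < len(p) or t[len(t) - len(p):] != p:
        return None
    return len(t) - len(p)

# Scope styles accepted after "dn." in an "access to" clause.
SCOPES = {
    "base": lambda d: d == 0,      # the named entry only
    "one": lambda d: d == 1,       # direct children only
    "subtree": lambda d: d >= 0,   # the entry and everything beneath it
    "children": lambda d: d >= 1,  # everything beneath, not the entry
}

def scope_matches(style, pattern, target):
    d = depth_below(pattern, target)
    return d is not None and SCOPES[style](d)

# Constructed sample based on the DNs in this thread.
OU = "ou=Support,o=Real Softservice"
ENTRIES = [
    "o=Real Softservice",
    OU,
    "cn=admin,ou=Support,o=Real Softservice",
    "cn=Zhang Weiwu,ou=Support,o=Real Softservice",
]

def selected(style):
    """Entries from ENTRIES that 'access to dn.<style>=OU' would apply to."""
    return [dn for dn in ENTRIES if scope_matches(style, OU, dn)]

if __name__ == "__main__":
    for style in SCOPES:
        print(f"dn.{style:<9}", selected(style))
```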