[Date Prev][Date Next] [Chronological] [Thread] [Top]

(raise question again) how to configure LDAP to allow each logged-in user to modify the subtree of the current user?

Dear list

I've posted this question before. Maybe it's my bad English but I didn't
get a solution nor an answer of "it's impossible" too so I just post
again (yes I knew people answer me for free and for being kind and I am
really thankful for all feedback)

Is it possible to define ACL that every user who successfully bind-ed
(logged in) that this user can modify their own entry as well as the sub
entries of them?

dn: ou=support,xxx

if one connection is bind to this dn, it can modify these entries:

dn: cn=Wang Penghui,ou=support,xxx
dn: cn=Zhang Weiwu,ou=support,xxx

Now we have some 3000 people who can login to the LDAP database and each
are logged in as an entry which is organization or organizationalUnit.
They all need to be able to modify entries within their own organization
or organizationalUnit.

I know how to define one ACL rule for one to be able to modify an entry
and its subtree, but in my case I need to define 3000 ACL rules (and
this number is still growing). Can such permission requirement be
defined within limited number of ACL rules?

Best Regards
Zhang Weiwu
Real Softservice
+86 592 2091112