[Date Prev][Date Next] [Chronological] [Thread] [Top]

Authenticated users can create new entries but then only creator can modify entry


In the proccess of setting up an openldap server as a pgp key server, I want to grant access to every authenticated user to create a new entry in a subtree of the basedn and every body to read entries in that subtree but only creator to be able to modify his entries. 

I tried with the following (unsuccessfully): 

access to dn.children="ou=PGP Keys,o=SNCFT,c=TN" 
       by dn.regex="^uid=([^,]+),(ou=[^,]+,)+ou=Users,o=SNCFT,c=TN$" selfwrite 
       by dn.regex="^uid=([^,]+),ou=Users,o=SNCFT,c=TN$" write 
       by * read 

and also 
       by dnattr=owner selfwrite 
       by users write 
       by * read 

but none worked. 

I am running openldap-2.3.27-8.el5_2.4 
Fathi B.N.