[Date Prev][Date Next] [Chronological] [Thread] [Top]

set ACL specification/syntax

Hi all,

I'm trying to set up 'personal' groups with ACLs that allow my users
to directly create and modify their own personal group. For me,
personal groups are of the form

So far I've had partial success. If the group already exists, the user
can modify that entry.

What I'm struggling with is how to allow authenticated users to create
entries of the form uid:foo under the group ou, i.e. grant write
access to the children of ou=group.

I *think* I can use "by set=<something>", but I haven't quite gotten
the grasp of it, and there are very few references to using 'set'
online (at least that I've found).

I was hoping someone on this list has either done something like this
before, or could point me in the right direction.

I think the set clause should at least be based on something like,
set="this/cn & user/uid" but with extra stuff in there to require a
colon and one or more characters only.