
set ACL specification/syntax



Hi all,

I'm trying to set up 'personal' groups with ACLs that allow my users
to directly create and modify their own personal group. For me,
personal groups are of the form
"cn=uid:groupname,ou=group,dc=mydomain"

So far I've had partial success. If the group already exists, the user
can modify that entry.

What I'm struggling with is how to allow authenticated users to create
entries of the form uid:foo under the group ou, i.e. grant write
access to the children of ou=group.

I *think* I can use "by set=<something>", but I haven't quite gotten
the grasp of it, and there are very few references to using 'set'
online (at least that I've found).

I was hoping someone on this list has either done something like this
before, or could point me in the right direction.

I think the set clause should at least be based on something like,
set="this/cn & user/uid" but with extra stuff in there to require a
colon and one or more characters only.

Ideas?

--andy
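
The naming rule described in the message above can also be expressed with regex DN matching rather than a `set` clause. The following slapd.conf fragment is an added example, not part of the original post. It assumes users bind as `uid=<uid>,ou=people,dc=mydomain`; the post does not give the user DN layout, so adjust that DN to match the directory.

```conf
# Added example, not from the original post.
# ASSUMPTION: users bind as uid=<uid>,ou=people,dc=mydomain.

# Entries named cn=<uid>:<groupname> directly under ou=group.
# ([^,:]+) captures the uid part; ":[^,]+" requires a colon followed by
# one or more characters. Only the user whose uid matches the captured
# prefix gets write access, which covers both creating and modifying
# the entry itself.
access to dn.regex="^cn=([^,:]+):[^,]+,ou=group,dc=mydomain$"
        by dn.exact,expand="uid=$1,ou=people,dc=mydomain" write
        by users read
        by * none

# Adding an entry also requires write access to the parent's "children"
# pseudo-attribute. This alone does not let a user create arbitrary
# names: the new entry must also be writable under the rule above.
access to dn.base="ou=group,dc=mydomain" attrs=children
        by users write
        by * none
```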