Allow creation of one single entry (own addressbook)
Hi,
I adopted the address book sample from the FAQ but I want to have a
separate hierarchy. Also included there: The public address book.
Why? Because on the client I need to enter only one base and the global book automatically merges with the global one.
These are my current ACLs:
# admin is allowed to do all
access to *
        by dn.exact="uid=admin,ou=int,ou=users,dc=example,dc=com" write
        by * break
access to attrs=userPassword
        by anonymous auth
        by self =wscx
        by * none
access to attrs=shadowLastChange,sambaNTPassword,sambaLMPassword
        by self =wscx
        by * none
# individual books
# read the own book
access to dn.regex="^ou=([^,]+),ou=Address Book,dc=example,dc=com$" attrs=entry,@organizationalUnit
        by dn.exact,expand="uid=$1,ou=int,ou=users,dc=example,dc=com" read
        by * break
# create children in address book
access to dn.regex="^ou=([^,]+),ou=Address Book,dc=example,dc=com$" attrs=children
        by dn.exact,expand="uid=$1,ou=int,ou=users,dc=example,dc=com" write
        by * break
# create entries
access to dn.regex="[^,]+,ou=([^,]+),ou=Address Book,dc=example,dc=com$" attrs=entry,@inetOrgPerson
        by dn.exact,expand="uid=$1,ou=int,ou=users,dc=example,dc=com" write
        by * break
# global
access to dn.exact="ou=Address Book,dc=example,dc=com"
        by dn.regex="^uid=[^,]+,ou=int,ou=users,dc=example,dc=com$" read
        by * break
access to dn.subtree="ou=global,ou=Address Book,dc=example,dc=com"
        by dn.regex="^uid=[^,]+,ou=int,ou=users,dc=example,dc=com$" read
        by * break
# "reader" should be able to read anything else (libnss-ldap etc).
access to *
        by dn="uid=reader,dc=example,dc=com" read
        by self read
        by * none
Now I also want the users to be able to create their own container under ou=Address Book.
What is the correct ACL entry for that?
Best regards,
Luke
PS: Is the ACL layout bad in common? What would you change?
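Added example (editor's, not from the thread or from the OpenLDAP project) of two slapd.conf rules that let uid=<name> create only the container ou=<name> under ou=Address Book, using the same DIT as the post. It assumes OpenLDAP 2.4 privilege letters (=a for add; on older releases substitute "write"), and that both rules are placed after the admin rule and before the existing access to dn.exact="ou=Address Book,dc=example,dc=com" rule, whose "read" grant would otherwise match first and deny the add.

```conf
# Added example (not from the thread): let uid=<name> create exactly one
# container, ou=<name>,ou=Address Book, and nothing else at that level.
# Assumes OpenLDAP 2.4 privilege letters (=a add). Both rules must come
# BEFORE the post's  access to dn.exact="ou=Address Book,dc=example,dc=com"
# rule: for each (entry, attribute) the first "access to" whose target
# matches is the one whose "by" clauses decide (subject to "break").

# 1. Adding an entry needs add access on the PARENT's children pseudo-attribute.
#    children cannot be restricted by the RDN of the child being added, so every
#    address-book user gets it here; the per-user limit is enforced by rule 2.
access to dn.exact="ou=Address Book,dc=example,dc=com" attrs=children
        by dn.regex="^uid=[^,]+,ou=int,ou=users,dc=example,dc=com$" =a
        by * break

# 2. ... and add access on the NEW entry's own entry pseudo-attribute plus every
#    attribute in the add request (objectClass, ou -> @organizationalUnit).
#    $1 is the ou value, so only uid=luke may create ou=luke. This replaces the
#    post's "read the own book" rule, which grants only read on the same target.
#    =arscx: add + read/search/compare/auth, but no delete (z) of the container.
access to dn.regex="^ou=([^,]+),ou=Address Book,dc=example,dc=com$" attrs=entry,@organizationalUnit
        by dn.exact,expand="uid=$1,ou=int,ou=users,dc=example,dc=com" =arscx
        by * break
```

A quick check after reloading: an ldapadd of ou=luke,ou=Address Book,dc=example,dc=com bound as uid=luke should succeed, while the same add bound as any other uid should fail with insufficientAccessRights (result code 50) because rule 2 only matches when $1 equals the binding uid.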