Re: Regexp in rootdn and set-resolving of monitor attr

[Kilian Röhner <roehner@in.tum.de>]

> Take a look at slapd.access(5). There is an "add" privilege.

ok, i didn't knew this!
Looking at table 6.4 in
http://www.openldap.org/doc/admin24/access-control.html, i was under the
impression, that there is no such thing.

Also in "man slapd.access(5)", i read:

The add operation requires write (=w) privileges on the pseudo-attribute
entry of the entry being added, and write (=w) privileges on the
pseudo-attribute children of the entry's parent. When adding the suffix
entry of a database, write access to children of the empty DN ("") is
required.

So is it just possible to put into an access-clause something like this?:

access to dn.exact="ou=abc" attrs=children
by dn.exact="cn=foo,cn=bar" add


Thank you for all the replies so far!
I will also look into what Jonathan wrote about the add_content_acl switch.