Hopefully someone will correct me if I'm wrong, but as far as I'm aware you cannot log in as an ou object.
I'd set up an admin user for dn: ou=Support,o=Real Softservice, e.g.:
cn=admin,ou=Support,o=Real Softservice
then create an ACL like:
access to dn.subtree="ou=Support,o=Real Softservice"
    by dn.exact="cn=admin,ou=Support,o=Real Softservice" write
    by * read
So when you log in as cn=admin,ou=Support,o=Real Softservice you will have access to create / edit the full tree under ou=Support,o=Real Softservice.
Shane.
On 09/05/07, Zhang Weiwu <zhangweiwu@realss.com> wrote:
Dear all. In my installation it's required that if someone logs in, he can modify his own entry and can modify & delete & create entries of his own entry, e.g.
login as: dn: ou=Support,o=Real Softservice
Then I should be able to modify & delete & create:
dn: cn=Wang Penghui,ou=Suport,o=Real Softservice
dn: cn=Zhang Weiwu,ou=Suport,o=Real Softservice
dn: cn=Wolfgang Scheuing,ou=Suport,o=Real Softservice
Looks like a simple requirement. Anyway, I dug into the ACL manual for days without a clue (maybe also because of my bad English). Can anyone provide a hint and a simplified example? Thanks a lot in advance!
-- Zhang Weiwu Real Softservice http://www.realss.com +86 592 2091112
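
Added example, not part of the original thread and not OpenLDAP code: a simplified Python model of how the dn scope style in an "access to" clause (base, one, children, subtree) decides which entries a rule covers, evaluated first-match as slapd does. Assumptions: the function names and sample DNs are constructed for illustration, DN parsing is naive (no escaped commas), and attribute-level checks such as the "entry" and "children" pseudo-attributes are ignored.

```python
def norm(dn):
    """Split a DN into lower-cased RDNs (naive: no escaped commas)."""
    return [rdn.strip().lower() for rdn in dn.split(",")]

def in_scope(scope, base, target):
    """True if `target` is matched by dn.<scope>="<base>"."""
    b, t = norm(base), norm(target)
    below = len(t) > len(b) and t[-len(b):] == b   # target is a descendant of base
    if scope in ("base", "exact"):
        return t == b                              # the entry itself only
    if scope in ("one", "onelevel"):
        return below and len(t) == len(b) + 1      # immediate children only
    if scope == "children":
        return below                               # all descendants, not the entry
    if scope in ("subtree", "sub"):
        return t == b or below                     # the entry and all descendants
    raise ValueError("unknown scope: " + scope)

def access(acl, who, target):
    """acl: list of (scope, base, [(subject_dn_or_*, level), ...]) in file order."""
    for scope, base, by_clauses in acl:
        if in_scope(scope, base, target):          # first matching "to" clause wins
            for subject, level in by_clauses:
                if subject == "*" or norm(subject) == norm(who):
                    return level                   # first matching "by" clause wins
            return "none"                          # implicit trailing "by * none"
    return "none"                                  # implicit "access to * by * none"

# Constructed sample data based on the DNs discussed in the thread.
SUPPORT = "ou=Support,o=Real Softservice"
ADMIN = "cn=admin," + SUPPORT
CHILD = "cn=Zhang Weiwu," + SUPPORT
BY = [(ADMIN, "write"), ("*", "read")]

def demo():
    base_acl = [("base", SUPPORT, BY)]
    subtree_acl = [("subtree", SUPPORT, BY)]
    return {
        "base_on_ou": access(base_acl, ADMIN, SUPPORT),
        "base_on_child": access(base_acl, ADMIN, CHILD),
        "subtree_on_child": access(subtree_acl, ADMIN, CHILD),
        "subtree_other_user": access(subtree_acl, CHILD, CHILD),
    }

if __name__ == "__main__":
    for case, level in demo().items():
        print(case, "->", level)
```
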