thaks Dieter,<br><br>your links lead me to the following in my slapd.conf:<br><br>access to *<br>&nbsp;&nbsp;&nbsp; by set=&quot;user/admin &amp; [TRUE]&quot; write<br>&nbsp;&nbsp;&nbsp; by self write<br>&nbsp;&nbsp;&nbsp; by * read<br>&nbsp;&nbsp;&nbsp; by anonymous read<br><br>I must add that user/admin &amp; [TRUE] represents the currently logged in user and its &quot;admin&quot; attribute that must be set to TRUE. It wasn&#39;t clear that &quot;user&quot; represents the currently logged in user: I thought it was the name of the parent node or something like this... LDAP concept is still quite not clear for me !<br>
<br>Again, thanks Dieter<br><br>Francois MAROT<br><br><div class="gmail_quote">On Tue, Jul 15, 2008 at 10:17 AM, Francois Marot &lt;<a href="mailto:francois.marot@gmail.com">francois.marot@gmail.com</a>&gt; wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Hello all OpenLDAP users,<br><br>I&#39;m quite new to LDAP and I need to modify a currently existing LDAP database.<br>There exist users in the database which can authentify, and I would like to add a specific parameter on some of those users to enable write access to them (for the moment they only have read access)<br>

For example I currently have 2 users:<br><br>uid=user1,ou=Users,dc=myCompany,dc=fr<br>uid=user2,ou=Users,dc=myCompany,dc=fr<br><br>I changed my schema in order to be able to define an attribute admin=&quot;TRUE&quot; on user1. Now, I would like that only user1 could change anything in the database, and not user2. How would I do that ?<br>

Is it possible to define an ACL based on the attribute of a DN ?<br><br>Thanks<br><font color="#888888"><br>Francois MAROT<br>
</font></blockquote></div><br>