"Guenter Knauf" eflash@gmx.net writes:
Hi all, I have a relatively simple requirement to grant some OpenLDAP rights .... my OpenLDAP directory looks like that: root \ ou=managers ou=webprojects \ ou=groups ou=users
now I need to grant full rights for users (InetOrgPerson) in ou=managers to ou=webprojects so that they can create/modify/delete users and groups in ou=groups,ou=webprojects and ou=users,ou=webprojects, also I would like to have users be able to modify their own entries. For a start I tried some settings in slapd.conf, f.e.:
access to dn.base="" by * read access to dn.base="cn=Subschema" by * read access to dn.base="ou=webprojects" by users write
this should be access to d.subtree="ou=webprojekts by users write For more information see slapd.access(5)
-Dieter