Hello,
I'm quite new to LDAP and at the moment I'm really just playing around, and trying to learn how to configure and use OpenLDAP correctly.
So I set up a kind of small address directory, as could be used by my family to have a central place where addresses can be stored, just to keep in contact. The setup looks like this:
# reading out data as authenticated user
access to dn.children="ou=people,dc=example,dc=org"
    by self write
    by users read
access to dn.base="ou=people,dc=example,dc=org"
    by users read
access to dn.base="dc=example,dc=org"
    by users read
This seems to work fine: I can log in using my dn uid=wolfgang,ou=people,dc=example,dc=org, and I can change my details and view the details of the other uids.
Then I thought it would be nice to be able to create my own address books within my "self" contact, such as ou=adrbook01,uid=wolfgang,ou=people,dc=example,dc=org, and have in there contacts that can only be shown by me. All other users should be able to do the same thing, of course. So I tried to create the new ou=adrbook01 entry and got a "no write access to entry". As I understand it, I may only add and change attributes that lie within my binddn.
So now my question is: how can I configure slapd to enable users to build their own subtrees, without having to give a rule for every single uid that lies within ou=people?
Thanks in advance, Wolfgang
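
One way to express the per-user subtree asked about above, as an added example that is not part of the original post: a single `dn.regex` rule captures the owning uid entry from the target DN, and `dn.exact,expand` grants write only to that bind DN. It assumes the suffix and naming shown in the post and that the new rule is placed before the existing ones, because slapd stops at the first `access to` clause that matches an entry.

```conf
# Added example (not from the original post).
# Entries strictly below uid=<name>,ou=people,dc=example,dc=org:
# $1 is the owner's DN captured from the target entry's DN.
# Only the owner may read or write; everyone else gets nothing.
access to dn.regex="^.+,(uid=[^,]+,ou=people,dc=example,dc=org)$"
    by dn.exact,expand="$1" write
    by * none

# Existing rules from the post, unchanged. "by self write" on the
# user's own entry also covers its "children" pseudo-attribute,
# which slapd checks on the parent when an entry is added below it.
access to dn.children="ou=people,dc=example,dc=org"
    by self write
    by users read
access to dn.base="ou=people,dc=example,dc=org"
    by users read
access to dn.base="dc=example,dc=org"
    by users read
```

Without the first rule, ou=adrbook01,uid=wolfgang,... falls under the `dn.children` clause, where `self` does not match (the new entry is not the bind DN), so the bind DN only gets `read` and the add is refused.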