On 28.07.2009 at 01:04, Howard Chu wrote:
Hi Howard,
A second problem, maybe you can give me a pointer: I would like to assign the right to add, modify and delete an object to an attribute inside the same object (and necessarily to the container object). Maybe ACI and the corresponding overlay are what I need. Or can this be solved by using regex?
I don't understand this question, give a more detailed example...
OK, for example, I have two objects like this:
dn: ou=container,o=org,c=de
objectClass: top
objectClass: organizationalUnit
ou: container
and
dn: cn=person,ou=container,o=org,c=de
objectClass: top
objectClass: person
cn: person
sn: jackson
Now I would like to add some kind of ACL to the cn=person entry (the objectClass "acl" is not real, but it should demonstrate what I need):
dn: cn=person,ou=container,o=org,c=de
objectClass: top
objectClass: person
objectClass: acl
cn: person
sn: jackson
aclAllowByDn: cn=user1,ou=users,o=org,c=de
So if the user "user1" binds successfully, he has the permission to modify the entry. When a new entry is created or an entry is deleted, I also need write access to the parent object in the tree, so I have to expand the ou=container object too in some way to allow the operation.
It should be possible to assign the right to add, modify and delete dynamically to another LDAP object, e.g. a user object.
Thanks a lot with kind regards
Jens