On 28.07.2009 at 01:04, Howard Chu wrote:

Hi Howard,

>> A second problem, maybe you can give me a pointer: I would like to
>> assign the right to add, modify and delete an object to an attribute
>> inside the same object (and necessarily to the container object).
>> Maybe ACI and the corresponding overlay is what I need. Or can this be
>> solved by using regex?
>
> I don't understand this question, give a more detailed example...

Ok, for example, i have two objects like that:

dn: ou=container,o=org,c=de
objectClass: top
objectClass: organizationalUnit
ou: container

and

dn: cn=person,ou=container,o=org,c=de
objectClass: top
objectClass: person
cn: person
sn: jackson

Now I would like to add some kind of acl to the cn=person (the objectClass "acl" is not real, but it should demonstrate what I need):

dn: cn=person,ou=container,o=org,c=de
objectClass: top
objectClass: person
objectClass: acl
cn: person
sn: jackson
aclAllowByDn: cn=user1,ou=users,o=org,c=de

So if the user "user1" binds successfully, he has the permission to modify the entry. When a new entry is created or an entry is deleted, I also need write access to the parent object in the tree, so I have to expand the ou=container object too in some way to allow the operation.

It should be possible to assign the right to add, modify and delete dynamically to another LDAP object, e.g. a user object.


Thanks a lot
with kind regards

Jens

-- 
linux systeme thomas

Jens Thomas
Völklinger Straße 9
42285 Wuppertal

Telefon: +49.202.3097507
Mobil: +49.177.9301386
eFax: +49.202.85064329

USt-ID: DE250711901
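
The delegation model described in the message above, as an added Python sketch that is not part of the original e-mail and is not OpenLDAP code. `aclAllowByDn` is the poster's hypothetical attribute, all function names are made up for illustration, and it assumes that an add is decided by the container alone because the new entry does not exist yet.

```python
# Added illustration of the per-entry delegation model from the message.
# aclAllowByDn is the poster's hypothetical attribute, not a real schema element.
USER1 = "cn=user1,ou=users,o=org,c=de"
CONTAINER = "ou=container,o=org,c=de"
PERSON = "cn=person,ou=container,o=org,c=de"

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (simplified DN parsing)."""
    rdns, cur, escaped = [], "", False
    for ch in dn:
        if ch == "," and not escaped:
            rdns.append(cur)
            cur = ""
            continue
        cur += ch
        escaped = (ch == "\\") and not escaped
    rdns.append(cur)
    return rdns

def norm(dn):
    """Case-insensitive, whitespace-tolerant form used to compare DNs."""
    return ",".join(r.strip().lower() for r in split_dn(dn))

def parent(dn):
    """DN of the container holding the entry."""
    return ",".join(split_dn(norm(dn))[1:])

def grants(directory, bind_dn, entry_dn):
    """True if the entry lists the bound DN in its aclAllowByDn values."""
    entry = directory.get(norm(entry_dn), {})
    return norm(bind_dn) in {norm(d) for d in entry.get("aclAllowByDn", [])}

def is_allowed(directory, bind_dn, op, target_dn):
    on_entry = grants(directory, bind_dn, target_dn)
    on_parent = grants(directory, bind_dn, parent(target_dn))
    if op == "modify":
        return on_entry                # only the entry itself is touched
    if op == "delete":
        return on_entry and on_parent  # the container changes as well
    if op == "add":
        return on_parent               # assumption: entry does not exist yet
    raise ValueError("unknown operation: " + op)

def sample_directory(container_grant=False):
    """Constructed sample data mirroring the two entries in the message."""
    d = {norm(CONTAINER): {"ou": ["container"]},
         norm(PERSON): {"cn": ["person"], "sn": ["jackson"],
                        "aclAllowByDn": [USER1]}}
    if container_grant:
        d[norm(CONTAINER)]["aclAllowByDn"] = [USER1]
    return d
```

With the grant only on cn=person, user1 can modify that entry but can neither delete it nor add siblings; both become possible once the container carries the same grant.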