Hopefully someone will correct me if I'm wrong but as far as I'm aware
you cannot log in as an ou object.
I'd have set up an admin user for dn: ou=Support,o=Real Softservice, e.g.:
cn=admin,ou=Support,o=Real Softservice
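then create an ACL like:

    # dn.subtree covers the ou entry and everything below it;
    # dn.base would match only the ou entry itself
    access to dn.subtree="ou=Support,o=Real Softservice"
        by dn.exact="cn=admin,ou=Support,o=Real Softservice" write
        by * read
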
So when you log in as cn=admin,ou=Support,o=Real Softservice you will
have access to create / edit the full tree under ou=Support,o=Real
Softservice.
Shane.
On 09/05/07, Zhang Weiwu <[EMAIL PROTECTED]> wrote:
Dear all. In my installation it's required if someone logs in, he can
modify his own entry and can modify & delete & create entries of his own
entry, e.g.
login as: dn: ou=Support,o=Real Softservice
Then I should be able to modify & delete & create:
dn: cn=Wang Penghui,ou=Suport,o=Real Softservice
dn: cn=Zhang Weiwu,ou=Suport,o=Real Softservice
dn: cn=Wolfgang Scheuing,ou=Suport,o=Real Softservice
Looks like a simple requirement. Anyway I dug into ACL manual for days
without a clue (maybe also because of my bad English). Can anyone
provide a hint and simplified example? Thanks a lot in advance!
--
Zhang Weiwu
Real Softservice
http://www.realss.com
+86 592 2091112
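
Added example (not part of the original thread and not OpenLDAP code): a simplified Python model of how slapd selects an ACL for an entry, showing how the dn.base and dn.subtree target styles differ for the ou=Support ACL discussed above. The function names and the sample child entry are constructed for illustration; escaped commas in DNs, the rootdn bypass and other who-forms are not modelled.

```python
# Simplified model of slapd ACL matching (added example, not OpenLDAP code).
# Assumptions: DNs contain no escaped commas; only the "dn.<style>" target
# forms and the "dn.exact" / "*" who-forms used in this thread are modelled.

def norm(dn):
    """Normalize a DN to a tuple of lower-cased RDNs, leaf first."""
    return tuple(rdn.strip().lower() for rdn in dn.split(","))

def target_matches(style, pattern, entry):
    p, e = norm(pattern), norm(entry)
    under = len(e) > len(p) and e[-len(p):] == p   # entry is a descendant
    if style in ("base", "exact"):
        return e == p
    if style in ("one", "onelevel"):
        return under and len(e) == len(p) + 1
    if style in ("sub", "subtree"):
        return e == p or under
    if style == "children":
        return under
    raise ValueError("unknown dn style: " + style)

def access_for(acls, bind_dn, entry):
    """First matching 'access to' clause wins, then first matching 'by'."""
    for style, pattern, by_clauses in acls:
        if target_matches(style, pattern, entry):
            for who, level in by_clauses:
                if who == "*" or norm(who) == norm(bind_dn):
                    return level
            return "none"        # implicit trailing "by * none"
    return "none"                # implicit final "access to * by * none"

OU = "ou=Support,o=Real Softservice"
ADMIN = "cn=admin," + OU
BY = [(ADMIN, "write"), ("*", "read")]
ACL_BASE = [("base", OU, BY)]
ACL_SUBTREE = [("subtree", OU, BY)]
CHILD = "cn=Zhang Weiwu," + OU   # constructed sample entry under the ou

if __name__ == "__main__":
    for name, acls in (("dn.base", ACL_BASE), ("dn.subtree", ACL_SUBTREE)):
        print(name, "ou:", access_for(acls, ADMIN, OU),
              "child:", access_for(acls, ADMIN, CHILD))
```

With the dn.base form the admin gets write on the ou entry only, and entries below it fall through to the implicit deny; with dn.subtree the same `by` clauses apply to every entry under the ou.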