Hello,

I'm quite new to LDAP and at the moment I'm really just playing around,
and trying to learn how to configure and use OpenLDAP correctly.

So I set up some kind of a small address directory, as could be used by
my family to have a central place where addresses can be stored, just
to keep in contact. The setup looks like this:

# reading out data as authenticated user
access to dn.children="ou=people,dc=example,dc=org"
        by self write
        by users read
access to dn.base="ou=people,dc=example,dc=org"
        by users read
access to dn.base="dc=example,dc=org"
        by users read

This seems to work fine: I can log in using my dn
        uid=wolfgang,ou=people,dc=example,dc=org
and I can change my details, and view the details of the other uids.

Then I thought it would be nice to be able to create my own address
books within my "self" contact, such as
        ou=adrbook01,uid=wolfgang,ou=people,dc=example,dc=org
and have contacts in there that can only be shown by me. All other
users should be able to do the same thing, of course. So I tried to
create the new ou=adrbook01 entry and got a "no write access to entry".
As I understand it, I may only add and change attributes that lie
within my binddn.

So, now my question is: how can I configure slapd to enable users to
build their own subtrees without having to give a rule for every
single uid that lies within ou=people?

Thanks in advance,
  Wolfgang
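
Added example, not part of the original message and not taken from the OpenLDAP project: one way to express the per-user private subtree as a single rule. It captures the owning uid entry from the target DN with dn.regex and grants write only to that DN. It assumes a slapd whose ACL syntax supports the "expand" modifier and the DIT layout quoted above; the regex is constructed for this example.

```conf
# slapd evaluates "access to" clauses in order and stops at the first
# one whose target matches, so this rule must come before the
# dn.children rule below.
#
# Matches every entry *below* a uid entry in ou=people (not the uid
# entry itself) and captures the uid entry's DN as $1. Only that DN
# may write (and therefore read); everyone else gets nothing, which
# keeps each user's address books private.
access to dn.regex="^.+,(uid=[^,]+,ou=people,dc=example,dc=org)$"
        by dn.exact,expand="$1" write
        by * none

# Rules from the message above, unchanged. "by self write" lets each
# user modify their own entry, which includes the "children"
# pseudo-attribute needed to add an entry directly beneath it. On its
# own it does not cover the new entry: for
# ou=adrbook01,uid=wolfgang,... "self" does not match, so the bound
# user falls through to "by users read", hence the
# "no write access to entry" error.
access to dn.children="ou=people,dc=example,dc=org"
        by self write
        by users read
access to dn.base="ou=people,dc=example,dc=org"
        by users read
access to dn.base="dc=example,dc=org"
        by users read
```

Without the first rule, any entry placed under a user's own entry would be readable by every authenticated user through "by users read", so the ordering matters for confidentiality as well as for write access.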
