"Guenter Knauf" <[email protected]> writes: > Hi all, I have a relatively simple requirement to grant some OpenLDAP > rights .... my OpenLDAP directory looks like that: root > \ > ou=managers > ou=webprojects > \ > ou=groups > ou=users > > now I need to grant full rights for users (InetOrgPerson) in > ou=managers to ou=webprojects so that they can create/modify/delete > users and groups in ou=groups,ou=webprojects and > ou=users,ou=webprojects, also I would like to have users be able to > modify their own entries. For a start I tried some settings in > slapd.conf, f.e.: > > access to dn.base="" by * read > access to dn.base="cn=Subschema" by * read > access to dn.base="ou=webprojects" by users write
this should be access to d.subtree="ou=webprojekts by users write For more information see slapd.access(5) -Dieter -- Dieter Klünter | Systemberatung http://dkluenter.de GPG Key ID:8EF7B6C6 53°37'09,95"N 10°08'02,42"E
