Luiz Marcelo <[email protected]> writes:

> Hello everyone!
>
> Good, I have a scenario where two directors write on the same basis, eg
>
> "cn=admin1,dc=domain,dc=com" and
> "cn=admin2,dc =domain,dc=com"
>
> In a general scope, both have written permission from the base. However,
> assuming the user admin1 adds the entry:
> "uid=john,ou=people,dc=domain,dc=com", only the admin1 user can modify
> this entry, so each admin should only modify their own entries created
> in any part of the base.
>
> Someone would have any idea how I could create an access control list
> for this

I can provide an idea, but not a working solution :-)
You may create a set access rule that only allows write access to an
entry if the attribute value of creatorsName corresponds to the present
authenticated user. Unfortunately there is almost no information
available on sets, but you may search the archive of the
openldap-software mailing list and

http://www.openldap.org/faq/data/cache/1133.html
http://www.openldap.org/faq/data/cache/1134.html

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: [email protected]
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6
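
A sketch of the set rule suggested in the reply, as an added example that is not part of the original thread and has not been tested against a running slapd. It assumes slapd.conf-style ACLs, the suffix and admin DNs quoted in the question, and that neither admin is the rootdn (the rootdn bypasses all ACLs); the userPassword rule is an extra assumption added so that the final "by * read" does not expose password hashes.

```conf
# slapd.conf fragment (constructed example). Rules are evaluated in order;
# the first "access to" clause that matches the target decides.

# Passwords: the creating admin may change them, anonymous clients may only
# bind against them, nobody may read them.
access to dn.subtree="dc=domain,dc=com" attrs=userPassword
    by set="this/creatorsName & user" write
    by anonymous auth
    by * none

# Creating (or deleting, or renaming) an entry needs write access to the
# parent's "children" pseudo-attribute, so both admins get that everywhere
# under the suffix, whoever created the parent container.
access to dn.subtree="dc=domain,dc=com" attrs=children
    by dn.exact="cn=admin1,dc=domain,dc=com" write
    by dn.exact="cn=admin2,dc=domain,dc=com" write
    by * read

# Everything else, including the "entry" pseudo-attribute that modify and
# delete are checked against: write only when the set is non-empty, i.e.
# when the entry's creatorsName is the DN of the authenticated user.
access to dn.subtree="dc=domain,dc=com"
    by set="this/creatorsName & user" write
    by * read
```

To check the result, bind as cn=admin2 and attempt an ldapmodify on an entry added by cn=admin1; the server should answer with "Insufficient access" (result code 50), while the same change made as cn=admin1 succeeds.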
