On 10/07/10 08:50, Dieter Kluenter wrote:
> Luiz Marcelo <[email protected]> writes:
>
>> Hello everyone!
>>
>> Good, I have a scenario where two directors write on the same base, e.g.
>>
>> "cn=admin1,dc=domain,dc=com" and
>> "cn=admin2,dc=domain,dc=com"
>>
>> In general scope, both have write permission on the base. However,
>> assuming the user admin1 adds the entry
>> "uid=john,ou=people,dc=domain,dc=com", only the admin1 user can modify
>> this entry, so each admin should only modify their own entries created
>> in any part of the base.
>>
>> Would anyone have any idea how I could create an access control list
>> for this?
>
> I can provide an idea, but not a working solution :-)
> You may create a set access rule that only allows write access to an
> entry if the attribute value of creatorsName corresponds to the present
> authenticated user.
> Unfortunately there is almost no information available on sets, but
> you may search the archive of the openldap-software mailing list and
> http://www.openldap.org/faq/data/cache/1133.html
> http://www.openldap.org/faq/data/cache/1134.html
I thought this scenario would make a good example, but reading through these FAQ entries I see that this exact situation is already documented:
http://www.openldap.org/faq/data/cache/1140.html

Jonathan
-- 
--------------------------------------------------------------
Jonathan Clarke - [email protected]
--------------------------------------------------------------
Ldap Synchronization Connector (LSC) - http://lsc-project.org
--------------------------------------------------------------
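Dieter's idea above, written out as a slapd.conf fragment. This is an added example, not text from the thread, the FAQ entry or the LSC project. The base DN and the two administrator DNs are taken from Luiz's message; splitting the policy into a "children" rule and a set rule, and giving everyone else read access, are assumptions made here.

```conf
# Added example (not from the thread): slapd.conf access directives that
# let only the creator of an entry modify it, using a set clause on
# creatorsName. DNs are from Luiz's message; the rule layout and the
# "by * read" default are assumptions.

# 1. Both administrators may create (and delete or rename) entries anywhere
#    under the base. Adding a child requires write access to the parent's
#    "children" pseudo-attribute; a set rule on creatorsName there would only
#    match whoever created the parent, so this is granted by DN instead.
access to dn.subtree="dc=domain,dc=com" attrs=children
        by dn.exact="cn=admin1,dc=domain,dc=com" write
        by dn.exact="cn=admin2,dc=domain,dc=com" write
        by * read

# 2. Everything else (the entry itself and its attributes): "this" is the
#    entry being accessed, "this/creatorsName" expands to its creatorsName
#    value, and "user" is the bound DN. The intersection is non-empty only
#    when the bound user created the entry, so only the creator may write;
#    anyone else, including the other administrator, falls through to read.
access to dn.subtree="dc=domain,dc=com"
        by set="this/creatorsName & user" write
        by * read
```

Two practical checks when testing this: the administrators must bind as their own DNs and not as the rootdn, since the rootdn bypasses access control entirely; and creatorsName is only maintained while `lastmod` is on (the default), so do not disable it on this database. Rules are evaluated in order and the first matching `access to` clause wins, so the `attrs=children` rule must come before the general one. Under cn=config the same two directives go into `olcAccess` values unchanged.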
