On Sunday 03 December 2006 23:52, patrick ndjientcheu ngandjui wrote:
hi, I want to access a permission to a user so that he can create, in the entry he belongs to (say ou=SalesDept,ou=Employee,ou=example,ou=com),entries which are an instance of a particular object class say ExamplePerson. But, he must not have the right to modify or delete entries he has created.
How can I resolve this problem? Thanks.
I'm not sure but you might have to add user to group and then add those acl's to the group or to that user. But I don't know if you can define that some user X "belongs" to some other entry than user's own entry.
Console has quite easy to use interface to the acl's, there you can define the entry, attributes (maybe objectclass too) and rights to the user or group.
So, I don't know direct answer but if I'd be you, I would use console to make acl and test. Acl's can be done without console too, but IMHO it is easier to learn and test those from console.
Best Regards Kimmo Koivisto