On Sunday 03 December 2006 23:52, patrick ndjientcheu ngandjui wrote:
hi,
I want to access a permission to a user so that he can create, in the
entry he belongs to (say
ou=SalesDept,ou=Employee,ou=example,ou=com),entries which are an instance
of a particular object class say ExamplePerson. But, he must not have the
right to modify or delete entries he has created.
How can I resolve this problem?
Thanks.
Hi
I'm not sure but you might have to add user to group and then add those acl's
to the group or to that user. But I don't know if you can define that some
user X "belongs" to some other entry than user's own entry.
Console has quite easy to use interface to the acl's, there you can define the
entry, attributes (maybe objectclass too) and rights to the user or group.
So, I don't know direct answer but if I'd be you, I would use console to make
acl and test. Acl's can be done without console too, but IMHO it is easier to
learn and test those from console.
Best Regards
Kimmo Koivisto