Hi all,

I'm not very experienced with ldap. I've been looking into the access
controls documentation but I'm unsure on what the proper way to handle this
is.

So let me explain what I want to accomplish: a user entry (posixAccount,
password, givenName, ...) can update his own password by using the "self"
keyword. All good there. But a user has some assets he owns. For example a
host (in Common tree).

I want the user to be able to update one attribute of this host.
"self" keyword doesn't work here as the user doesn't bind to it.
So I added an owner attribute to the host and with that attribute I
reference to the user.

Now I need some kind of "glue" to verify that the user is allowed to write
to the attribute.

Do I need a filter? Wouldn't this just filter out a specific attribute? Or
will it only filter entries based on the filter match?

In the latter case (which seems like a logical way for openldap to handle
this) I would need:
- attr: to select what attribute the user access is modified
- filter: to only apply on the user's host
- by: variable definition for this clause to only apply on the bound user

I've read about dnattr but I'm unsure whether this accomplishes what I want.

Could anyone share an example?

Thanks
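An added example of the dnattr approach the post asks about; it is not from the original message or any reply to it. It assumes a cn=config based slapd with the data in olcDatabase={1}mdb, users under ou=People,dc=example,dc=com, hosts under ou=Hosts,dc=example,dc=com, the standard DN-syntax attribute "owner" as the link from host to user, and "description" as the one host attribute the owner is allowed to change. All of those names are assumptions for illustration.

```ldif
# Added example (not from the original post). Assumed names: olcDatabase={1}mdb,
# ou=Hosts / ou=People under dc=example,dc=com, attribute "description" as the
# owner-editable attribute, "owner" as the DN-valued link to the user entry.
# "replace: olcAccess" overwrites the database's existing olcAccess values,
# so merge these rules into an existing set rather than pasting blindly.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
replace: olcAccess
# {0}: the user changes only their own password; anonymous may bind against it
olcAccess: {0}to attrs=userPassword
  by self write
  by anonymous auth
  by * none
# {1}: the ownership link itself is writable only by the directory admin.
#      Listed before {2} so an owner cannot reassign or widen ownership.
olcAccess: {1}to dn.subtree="ou=Hosts,dc=example,dc=com" attrs=owner
  by dn.exact="cn=admin,dc=example,dc=com" write
  by users read
  by * none
# {2}: dnattr=owner grants write when the bind DN equals a value of the
#      target entry's "owner" attribute; everything else on the host is read-only
olcAccess: {2}to dn.subtree="ou=Hosts,dc=example,dc=com" attrs=description
  by dnattr=owner write
  by users read
  by * none
# {3}: default for everything not matched above; first matching "to" wins
olcAccess: {3}to *
  by users read
  by * none
```

Two points worth checking when adapting this: the owner attribute must hold the user's full bind DN (for example owner: uid=alice,ou=People,dc=example,dc=com), since dnattr compares DNs and will not match a bare uid string; and slapd evaluates the first "to" clause that matches the target entry and attribute, then the first "by" clause that matches the requester, so rule order matters. A quick verification is to bind as the owner with ldapmodify and change the host's description (should succeed), then attempt to change its owner (should fail with insufficient access), and repeat both from a different user account (both should fail).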
