---------- Forwarded message ----------
From: Alberto Viana <albertocrj@xxxxxxxxx>
Date: Thu, Sep 13, 2012 at 5:19 PM
Subject: Allow to add a user (userpassword)
To: "General discussion list for the 389 Directory server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
How Can allow a normal user from my directory (for example uid=my.appuid,ou=test,dc=test,dc=com ) to add an user entry in the tree? (Remebering that I dont want this user as a administrator, I just want that user to be able to add users into a specific subtree in my directory). Is that possible?
From: Alberto Viana <albertocrj@xxxxxxxxx>
Date: Thu, Sep 13, 2012 at 5:19 PM
Subject: Allow to add a user (userpassword)
To: "General discussion list for the 389 Directory server project." <389-users@xxxxxxxxxxxxxxxxxxxxxxx>
How Can allow a normal user from my directory (for example uid=my.appuid,ou=test,dc=test,dc=com ) to add an user entry in the tree? (Remebering that I dont want this user as a administrator, I just want that user to be able to add users into a specific subtree in my directory). Is that possible?
ldapmodify -a -c -h 389_ds_host -D "uid=my.appuid,ou=test,dc=test,dc=com" -w - -f test.ldif
adding new entry uid=testando,ou=test,dc=test,dc=com
ldap_add: Insufficient access
ldap_add: additional info: Insufficient 'add' privilege to the 'userPassword' attribute
I tried this kind of ACI:
dn: ou=test,dc=test,dc=com
changetype: modify
add: aci
aci: (targetattr="userPassword")(version 3.0;aci "shib writer";allow (add,write,compare) userdn="ldap:///uid=my.appuid,ou=test,dc=test,dc=com";)
or
aci: (targetattr="*")(version 3.0;aci "shib writer";allow (add,write,compare) userdn="ldap:///uid=my.appuid,ou=test,dc=test,dc=com";)
Thanks
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
