How Can allow a normal user from my directory (for example
uid=my.appuid,ou=test,dc=test,dc=com ) to add an user entry in the tree? (Remebering that I dont want this user as a administrator, I just want that user to be able to add users into a specific subtree in my directory). Is that possible?<div>
<br></div><div><br></div><div>ldapmodify -a -c -h 389_ds_host -D "uid=my.appuid,ou=test,dc=test,dc=com" -w - -f test.ldif</div><div><br></div><div>adding new entry uid=testando,ou=test,dc=test,dc=com</div><div><div>
ldap_add: Insufficient access</div><div>ldap_add: additional info: Insufficient 'add' privilege to the 'userPassword' attribute</div></div><div><br></div><div><br></div><div>I tried this kind of ACI:</div>
<div><br></div><div><div>dn: ou=test,dc=test,dc=com</div><div>changetype: modify</div><div>add: aci</div><div>aci: (targetattr="userPassword")(version 3.0;aci "shib writer";allow (add,write,compare) userdn="ldap:///uid=my.appuid,ou=test,dc=test,dc=com";)</div>
</div><div><br></div><div>or </div><div><br></div><div>aci: (targetattr="*")(version 3.0;aci "shib writer";allow (add,write,compare) userdn="ldap:///uid=my.appuid,ou=test,dc=test,dc=com";)
</div><div><br></div><div>Thanks</div>