How Can allow a normal user from my directory (for example
uid=my.appuid,ou=test,dc=test,dc=com ) to add an user entry in the tree?
(Remebering that I dont want this user as a administrator, I just want that
user to be able to add users into a specific subtree in my directory). Is
that possible?
ldapmodify -a -c -h 389_ds_host -D "uid=my.appuid,ou=test,dc=test,dc=com"
-w - -f test.ldif
adding new entry uid=testando,ou=test,dc=test,dc=com
ldap_add: Insufficient access
ldap_add: additional info: Insufficient 'add' privilege to the
'userPassword' attribute
I tried this kind of ACI:
dn: ou=test,dc=test,dc=com
changetype: modify
add: aci
aci: (targetattr="userPassword")(version 3.0;aci "shib writer";allow
(add,write,compare) userdn="ldap:///uid=my.appuid,ou=test,dc=test,dc=com";)
or
aci: (targetattr="*")(version 3.0;aci "shib writer";allow
(add,write,compare) userdn="ldap:///uid=my.appuid,ou=test,dc=test,dc=com";)
Thanks