[389-users] Allow to add a user (userpassword)

Alberto Viana albertocrj at gmail.com
Thu Sep 13 20:19:35 UTC 2012


How can I allow a normal user from my directory (for example
uid=my.appuid,ou=test,dc=test,dc=com) to add a user entry in the tree?
(Remembering that I don't want this user as an administrator, I just want that
user to be able to add users into a specific subtree in my directory). Is
that possible?


ldapmodify -a -c -h 389_ds_host -D "uid=my.appuid,ou=test,dc=test,dc=com" -w - -f test.ldif

adding new entry uid=testando,ou=test,dc=test,dc=com
ldap_add: Insufficient access
ldap_add: additional info: Insufficient 'add' privilege to the 'userPassword' attribute


I tried this kind of ACI:

dn: ou=test,dc=test,dc=com
changetype: modify
add: aci
aci: (targetattr="userPassword")(version 3.0;aci "shib writer";allow (add,write,compare) userdn="ldap:///uid=my.appuid,ou=test,dc=test,dc=com";)

or

aci: (targetattr="*")(version 3.0;aci "shib writer";allow (add,write,compare) userdn="ldap:///uid=my.appuid,ou=test,dc=test,dc=com";)

Thanks