[turba] ldap config so users can edit their own address book
Amith Varghese
amith at xalan.com
Tue Mar 11 12:17:58 PST 2003
> The array(Auth::getAuth()) seems to allow me to edit everyone's address.
I have this, but the difference between my entry and yours is the following:
    'root' => 'ou=' . Auth::getAuth() . ',ou=Personal Address Book,dc=mydomain,dc=com',
    'bind_dn' => 'uid=' . Auth::getAuth() . ',ou=People,dc=mydomain,dc=com',
    'bind_password' => Auth::getCredential('password'),
That way only the person logged in can access their own address book based on
how the root and bind_dn are constructed. Not pretty but it works well.
>
> This is the access part of my slapd.conf file
> access to dn=".*,ou=users,o=ourcompany"
>     by self write
>     by dn="cn=userAdmin,o=ourcompany" write
>     by anonymous read
To back this up with ACLs I do the following:
    access to dn="ou=(.*),ou=Personal Address Book,dc=mydomain,dc=com"
        by dn="uid=$1,ou=People,dc=mydomain,dc=com" write
        by * none
This enforces it within OpenLDAP so clients connecting with other clients can
view/edit someone else's address book.
Amith
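
Added example, not part of the original post: a simplified Python model of how the ACL above resolves, showing which bind DN ends up with write access to which entry. The users alice and bob and the evaluation rules stated in the comments are assumptions made for illustration; this is not slapd's own matching code.

```python
import re

# The ACL from the post as (what-regex, [(who-pattern, access), ...]).
# Simplified model (assumption): DNs compared lower-cased, <what> is an
# unanchored regex, $1 in <who> is replaced by the first capture group,
# and the first matching "by" clause decides.
ACL = [
    (r"ou=(.*),ou=Personal Address Book,dc=mydomain,dc=com", [
        (r"uid=$1,ou=People,dc=mydomain,dc=com", "write"),
        (r".*", "none"),  # by * none
    ]),
]

BASE = "ou=Personal Address Book,dc=mydomain,dc=com"
ALICE = "uid=alice,ou=People,dc=mydomain,dc=com"  # constructed sample users
BOB = "uid=bob,ou=People,dc=mydomain,dc=com"


def access_for(bind_dn, entry_dn, acl=ACL):
    """Return the access level bind_dn gets on entry_dn under this model."""
    bind_dn, entry_dn = bind_dn.lower(), entry_dn.lower()
    for what, by_clauses in acl:
        m = re.search(what.lower(), entry_dn)
        if not m:
            continue  # try the next "access to" directive
        for who, level in by_clauses:
            pattern = who.lower()
            # Substitute captures from the <what> match into the <who> DN.
            for i, group in enumerate(m.groups(), start=1):
                pattern = pattern.replace(f"${i}", re.escape(group))
            if re.fullmatch(pattern, bind_dn):
                return level
        return "none"  # no "by" clause matched
    return "none"  # no "access to" directive matched


if __name__ == "__main__":
    entries = [
        f"ou=alice,{BASE}",                  # the address book itself
        f"cn=Some Contact,ou=alice,{BASE}",  # a contact inside it
        f"ou=bob,ou=alice,{BASE}",           # nested ou: $1 = "bob,ou=alice"
    ]
    for entry in entries:
        for who in (ALICE, BOB, ""):         # "" stands for an anonymous bind
            print(f"{who or '(anonymous)':45} {access_for(who, entry):6} {entry}")
```

In the nested case the capture spans two RDNs, so the substituted DN matches no user and the model falls through to "by * none".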