[turba] Re: ldap config so users can edit their own address book

Lucius Junevicus ljunevicus at delphinus.com
Wed Mar 12 11:49:54 PST 2003


What I'm trying to do is set up a shared addressbook where each user can only
edit their own information (e.g. email address, phone number, etc.). I would
like to set it so they can only edit their own and not everyone else's.


"Lucius Junevicus" <ljunevicus at delphinus.com> wrote in message
news:b4nm44$3o2$1 at main.gmane.org...
> Thanks I'll try this.
>
> I'm not sure how the bind_password => Auth::getCredential('password') works
> in regards to the slapd.conf file.
>
> I assume it tries to bind with the user's password, but I'm not sure how
> openldap knows that this password is something it can use. The root ldap
> password is specified in the slapd.conf file, but I don't have the user's
> passwords specified in that file.  How does that work?
>
> Still a beginner with ldap.
>
> Thanks.
>
>
>
> "Amith Varghese" <amith at xalan.com> wrote in message
> news:1047403078.e795987794286 at amith.xalan.com...
> > > The array(Auth::getAuth()) seems to allow me to edit everyone's address.
> >
> > I have this, but the difference between my entry and yours is the following:
> >
> > 'root' => 'ou=' . Auth::getAuth() . ',ou=Personal Address Book,dc=mydomain,dc=com',
> > 'bind_dn' => 'uid=' . Auth::getAuth() . ',ou=People,dc=mydomain,dc=com',
> > 'bind_password' => Auth::getCredential('password'),
> >
> > That way only the person logged in can access their own address book based on
> > how the root and bind_dn are constructed.  Not pretty but it works well.
> >
> > >
> > > This is the access part of my slapd.conf file
> > > access to dn=".*,ou=users,o=ourcompany"
> > >   by self write
> > >   by dn="cn=userAdmin,o=ourcompany" write
> > >   by anonymous read
> >
> > To back this up with ACLs I do the following
> >
> > access to dn="ou=(.*),ou=Personal Address Book,dc=mydomain,dc=com"
> >         by dn="uid=$1,ou=People,dc=mydomain,dc=com" write
> >         by * none
> >
> > This enforces it within OpenLDAP so clients connecting with other clients can
> > view/edit someone else's address book.
> >
> > Amith
> >
> >
> > --
> > Turba mailing list
> > Frequently Asked Questions: http://horde.org/faq/
> > To unsubscribe, mail: turba-unsubscribe at lists.horde.org
> >
>
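
The per-user ACL quoted in this thread, modelled as an added example that is not part of the original messages and is not slapd's own matching code: it pairs the `root`/`bind_dn` values the Turba source builds with the `ou=(.*)` / `uid=$1` rule and audits every cross-user combination. The function names and sample logins are constructed for illustration, and treating both `dn=` clauses as unanchored, case-insensitive regular expressions is a simplifying assumption.

```python
import re

BASE = "dc=mydomain,dc=com"
# ACL from the quoted post: <what> pattern, then the 'by' clauses in order.
WHAT = "ou=(.*),ou=Personal Address Book," + BASE
BY = [("uid=$1,ou=People," + BASE, "write"), ("*", "none")]


def turba_params(user):
    """DNs the quoted Turba source builds from the login (Auth::getAuth())."""
    return {
        "root": "ou=%s,ou=Personal Address Book,%s" % (user, BASE),
        "bind_dn": "uid=%s,ou=People,%s" % (user, BASE),
    }


def access(bound_dn, target_dn):
    """Access level the modelled ACL gives bound_dn on target_dn.

    Returns None when the <what> pattern does not match, i.e. this rule
    does not apply and the server would consult its next access rule.
    """
    m = re.search(WHAT, target_dn, re.IGNORECASE)
    if m is None:
        return None
    for who, level in BY:
        if who == "*":
            return level
        # Plain textual substitution of $1, then a regex match (assumption).
        expanded = who.replace("$1", m.group(1))
        try:
            if re.search(expanded, bound_dn, re.IGNORECASE):
                return level
        except re.error:
            continue  # captured text was not a valid pattern: no match
    return "none"


def audit(users):
    """List (binder, owner, level) for each cross-user pair not denied."""
    leaks = []
    for binder in users:
        for owner in users:
            if binder == owner:
                continue
            contact = "cn=Some Contact," + turba_params(owner)["root"]
            level = access(turba_params(binder)["bind_dn"], contact)
            if level != "none":
                leaks.append((binder, owner, level))
    return leaks
```

An empty list from `audit()` means no login in the sample set can reach another user's address book subtree under this rule; a `None` from `access()` means the entry is governed by some other access rule, which needs its own review.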




