I'm looking for a way to allow LDAP users to write into a branch that has their name. For example, I want each of the users A, B, C to be allowed to write into cn=A,ou=foo, cn=B,ou=foo, cn=C,ou=foo... Is there a way to do that without writing it explicitly?
Not like that:
access: to subtree="cn=A,ou=foo"
by dn.exact="uid=A,ou=people" write
access: to subtree="cn=B,ou=foo"
by dn.exact="uid=B,ou=people" write
...
With a regex maybe?
Something like that will work:
olcAccess: to dn.regex=".+,cn=([^,]+),ou=foo$"
  by dn.exact,expand="uid=$1,ou=people" write
  by users read
  by * none
Each user will have write access to a branch with their name in ou=foo.
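An added example, not part of the original answer: it models this one rule in Python to check which target DNs the regex covers and which bind DN the `$1` expansion grants write to. The function names and the simplified DN normalization are assumptions; note that the branch entry `cn=A,ou=foo` itself is not matched, because `.+,` requires at least one RDN below it.

```python
import re

# The rule from the answer: target regex and the writer DN template.
# slapd does an unanchored regex search; case folding here is a simplification.
TARGET_RE = re.compile(r".+,cn=([^,]+),ou=foo$", re.IGNORECASE)
WRITER_TEMPLATE = "uid=$1,ou=people"


def normalize(dn):
    """Simplified DN normalization (assumption): trim RDNs and lowercase."""
    return ",".join(part.strip() for part in dn.split(",")).lower()


def access(bind_dn, target_dn):
    """Access this one rule grants: 'write', 'read' or 'none'.

    bind_dn is None for an anonymous bind. Returns None when the target
    DN does not match the rule, meaning some other ACL decides.
    """
    m = TARGET_RE.search(normalize(target_dn))
    if m is None:
        return None
    # by dn.exact,expand="uid=$1,ou=people" write
    writer = WRITER_TEMPLATE.replace("$1", m.group(1))
    if bind_dn is not None and normalize(bind_dn) == normalize(writer):
        return "write"
    # by users read
    if bind_dn is not None:
        return "read"
    # by * none
    return "none"


if __name__ == "__main__":
    # Constructed sample binds and targets, using the DNs from the page.
    samples = [
        ("uid=A,ou=people", "cn=doc,cn=A,ou=foo"),       # owner, child entry
        ("uid=B,ou=people", "cn=doc,cn=A,ou=foo"),       # other user
        (None, "cn=doc,cn=A,ou=foo"),                    # anonymous
        ("uid=A,ou=people", "cn=x,cn=y,cn=A,ou=foo"),    # deeper entry
        ("uid=A,ou=people", "cn=A,ou=foo"),              # branch entry itself
    ]
    for bind, target in samples:
        print(f"{bind!s:18} -> {target:24} : {access(bind, target)}")
```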