Environment
Allowing all users rights to their own object but not to other objects
Novell eDirectory 8.7.1 for All Platforms
Novell eDirectory 8.7.3 for All Platforms
Situation
Resolution
The following is an example of a working LDIF file that allows every object in the tree to modify its own email address. Remember that ICE applies the file through the LDAP server, so the attribute named in the ACL value is the LDAP attribute name; if the eDirectory attribute you wish to grant access to has a different LDAP name, an LDAP attribute mapping on the LDAP Group object may be needed.
<--- Start of LDIF File --->
dn: o=Novell
changetype: modify
# "add: ACL" is the mod-spec RFC 2849 requires for changetype: modify;
# it adds one ACL value without disturbing the values already on the entry
add: ACL
ACL: 14#subtree#[THIS]#mail
<--- End of LDIF File --->
This LDIF file adds an ACL value to the top level Organization object "Novell" (o=Novell) that grants Read, Write and Inheritable privileges to the mail attribute for the whole subtree below it. Because the trustee is [THIS], the rights resolve to the object being accessed, so each object gains these rights only over its own mail attribute. The mail attribute is mapped via the LDAP attribute mappings on the LDAP Group object to "Internet Email Address" in the eDirectory schema.
The LDIF file can be applied with ICE (replace cn=admin,o=novell and password with an account that has Supervisor rights to o=Novell; note that the -w value is passed in clear text on the command line):
ice -S LDIF -f sys:system\mail.ldif -D LDAP -s 127.0.0.1 -d cn=admin,o=novell -w password
You should now find that users can modify their own email address through LDAP clients or ConsoleOne, but cannot modify the email address of other objects in the tree. Once the [THIS] trustee has been added to the tree, you can use iManager or ConsoleOne to add and remove the rights it grants.
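The following is an added example, not part of this TID and not Novell code. It builds the LDIF modify record shown above, parses the eDirectory ACL value syntax (privileges#scope#trustee#protectedAttribute), and evaluates, in a simplified model of eDirectory's effective-rights logic, whether a bound identity may write an attribute of a target object. The sample tree (o=Novell with two users beneath it) is constructed for the example, and the Write bit value of 4 is an assumption: the TID only states that 14 grants Read, Write and Inheritable, not the individual bit values.

```python
# Added example (not from the TID, not eDirectory code): a small model of how
# the value "14#subtree#[THIS]#mail" behaves once it sits on o=Novell.
from dataclasses import dataclass

# Assumption: 4 is the Write bit of the privileges field. The TID says only
# that 14 grants Read, Write and Inheritable; bit values are not on the page.
WRITE = 4


@dataclass(frozen=True)
class Acl:
    privileges: int
    scope: str        # "entry" or "subtree"
    trustee: str      # a DN or a special trustee such as [THIS]
    attribute: str    # protected attribute, by its LDAP name


def parse_acl(value: str) -> Acl:
    """Split an eDirectory ACL value into its four '#'-separated fields."""
    parts = value.split("#")
    if len(parts) != 4:
        raise ValueError(f"expected privileges#scope#trustee#attribute, got {value!r}")
    privileges, scope, trustee, attribute = parts
    if scope not in ("entry", "subtree"):
        raise ValueError(f"scope must be 'entry' or 'subtree', got {scope!r}")
    return Acl(int(privileges), scope, trustee.strip(), attribute.strip())


def build_modify_ldif(dn: str, acl_value: str) -> str:
    """Return the LDIF record that adds one ACL value to an existing entry.

    'add: ACL' is the mod-spec RFC 2849 requires after changetype: modify;
    the trailing blank line terminates the record.
    """
    lines = [f"dn: {dn}", "changetype: modify", "add: ACL", f"ACL: {acl_value}", ""]
    return "\n".join(lines) + "\n"


def _norm(dn: str) -> str:
    # DN comparison in this model: case-insensitive, whitespace after commas ignored
    return ",".join(part.strip() for part in dn.split(",")).lower()


def _is_same_or_below(dn: str, base: str) -> bool:
    dn, base = _norm(dn), _norm(base)
    return dn == base or dn.endswith("," + base)


def can_write(acls: dict, bound_dn: str, target_dn: str, attribute: str) -> bool:
    """acls maps the DN that holds ACL values -> list of ACL value strings."""
    for holder, values in acls.items():
        for value in values:
            acl = parse_acl(value)
            if acl.attribute.lower() != attribute.lower():
                continue
            # scope: 'entry' protects only the holder itself,
            # 'subtree' protects the holder and everything beneath it
            if acl.scope == "entry":
                in_scope = _norm(target_dn) == _norm(holder)
            else:
                in_scope = _is_same_or_below(target_dn, holder)
            if not in_scope:
                continue
            # trustee: [THIS] stands for the object being accessed, so the
            # grant applies only when the bound identity is the target itself
            if acl.trustee.upper() == "[THIS]":
                trustee_matches = _norm(bound_dn) == _norm(target_dn)
            else:
                trustee_matches = _norm(bound_dn) == _norm(acl.trustee)
            if trustee_matches and acl.privileges & WRITE:
                return True
    return False


# Constructed sample tree: the TID's ACL on o=Novell and two users beneath it.
SAMPLE_ACLS = {"o=Novell": ["14#subtree#[THIS]#mail"]}
ALICE = "cn=alice,ou=users,o=Novell"
BOB = "cn=bob,ou=users,o=Novell"

if __name__ == "__main__":
    print(build_modify_ldif("o=Novell", "14#subtree#[THIS]#mail"))
    print("alice -> alice mail:", can_write(SAMPLE_ACLS, ALICE, ALICE, "mail"))  # True
    print("alice -> bob mail:  ", can_write(SAMPLE_ACLS, ALICE, BOB, "mail"))    # False
```

Changing the scope to entry in SAMPLE_ACLS makes the check fail for alice as well, which shows why the TID uses subtree: with entry scope the value would protect only the mail attribute of o=Novell itself and would not be inherited by the users below it.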
Additional Information
Formerly known as TID# 10087020
Formerly known as TID# NOVL92510