How do I allow a user to edit their own info with Directory app?

Question

Level 1

27 points

How do I allow a user to edit their own info with Directory app?

How do I allow users to modify their own user information in the Directory app? I'm able to do it if I give them full admin capabilities in WGM, but I don't want them to have that. There is a "limited" administration option, but that seems to only allow me to add others to the users they can manage. Is there a place where I can select, say, 40 users, and check "Allow to edit user directory info"?

Lotsa stuff, but usually an Intel iMac or a MacBook, Mac OS X (10.5.6), Step away from the computer.

Posted on Feb 2, 2009 5:55 PM

Reply

Answer 1

foilpan

Level 4

1,385 points

Feb 2, 2009 7:09 PM in response to Brewster B

see this for a non-answer, but related details: http://discussions.apple.com/message.jspa?messageID=8807954

Reply

Answer 2

Brewster B Author

Level 1

27 points

Feb 2, 2009 7:43 PM in response to foilpan

Thanks - it looks like there is a setting somewhere for it, just a matter of me finding it.

Reply

Answer 3

Feb 3, 2009 6:11 AM in response to Brewster B

How comfortable are you with openldap ACLs?

I'm doing the same thing to delegate access to techs to administer their own container in open directory. These acls are stored in openldap itself under olcDatabase={1}bdb,cn=config. Here's a sample ldif:

version: 1

# LDIF Export for: olcDatabase={1}bdb,cn=config
# Generated by phpLDAPadmin ( http://phpldapadmin.sourceforge.net/ ) on February 3, 2009 2:04 pm
# Server: (my.opendir.com)
# Search Scope: base
# Search Filter: (objectClass=*)
# Total Entries: 1

dn: olcDatabase={1}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {1}bdb
olcSuffix: dc=my,dc=domain,dc=com
olcAccess: {0}to dn.subtree="ou=somecontainer,dc=my,dc=domain,dc=com" by dn="u
id=someuser,cn=users,dc=my,dc=domain,dc=ca" write by dn="uid=diradmin,c
n=users,dc=my,dc=domain,dc=com" write by * read

so this user logs into WGM and can edit any info he has access to but can only read everything else.

Reply

Answer 4

Brewster B Author

Level 1

27 points

Feb 4, 2009 6:30 PM in response to fcghstdfshdf

Not comfortable, but would give it a try, if I thought I could handle it. That looks like a bit much for an amateur like me, but thanks for your response.

Reply