Hi all,

I am new to LDAP and am trying to figure out what they mean by entry owner. In setting up ACL lists in the slapd.conf file they always define an entry owner (self) as having write access. But who is the entry owner?

Initially in OpenLDAP there is just the root user, who is given access and creates entries. You can then either use SASL to add new users and give them write access to the directory, and I suppose they become the entry owner of entries they create. Is this right? Where I get confused is if you are using LDAP to store the user IDs and passwords for authentication. How does OpenLDAP keep track of who created the entry? Is there some kind of config option that you set which says don't look in the SASL database for entry owner but look at the people.example.com directory for owner?

Maybe I am just misunderstanding this whole LDAP ACL thing. It all makes sense except for determining entry owner. E.g., how does OpenLDAP know that paulina.people.example.com is the owner of the entry and should be allowed to change the password as defined by the ACL

access to attr password by self write

?????
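A simplified model of how slapd evaluates `by self`, added here as an example and not part of the original post or OpenLDAP's own code: `self` matches when the DN the client bound as equals the DN of the entry being accessed, so no record of who created the entry is involved. The DNs, the `userPassword` attribute name and all function names are assumptions made for illustration.

```python
# Simplified model of slapd access evaluation for "by self"; not OpenLDAP source.
LEVELS = ["none", "auth", "compare", "search", "read", "write"]

def normalize_dn(dn):
    """Lower-case and strip spaces around RDN separators (simplified matching)."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def who_matches(who, bound_dn, entry_dn):
    if who == "*":
        return True
    if who == "anonymous":
        return bound_dn is None
    if who == "self":
        # "self": the DN the client authenticated (bound) as is the DN of the
        # entry being accessed. Who created the entry is never consulted.
        return bound_dn is not None and normalize_dn(bound_dn) == normalize_dn(entry_dn)
    return False

def granted_level(acl, attr, bound_dn, entry_dn):
    """First directive whose <what> matches wins; in it, the first matching <who> wins."""
    for attrs, by_clauses in acl:
        if attrs == "*" or attr.lower() in attrs:
            for who, level in by_clauses:
                if who_matches(who, bound_dn, entry_dn):
                    return level
            return "none"  # implicit "by * none" closes every directive
    return "none"          # implicit "access to * by * none"

def allowed(acl, attr, bound_dn, entry_dn, wanted):
    level = granted_level(acl, attr, bound_dn, entry_dn)
    return LEVELS.index(level) >= LEVELS.index(wanted)

# Constructed policy, equivalent to the slapd.conf directives:
#   access to attrs=userPassword by self write by anonymous auth by * none
#   access to * by * read
ACL = [
    ({"userpassword"}, [("self", "write"), ("anonymous", "auth"), ("*", "none")]),
    ("*", [("*", "read")]),
]
PAULINA = "uid=paulina,ou=people,dc=example,dc=com"  # constructed DNs
OTHER = "uid=bob,ou=people,dc=example,dc=com"

if __name__ == "__main__":
    for bound in (PAULINA, OTHER, None):
        print(bound, "->", granted_level(ACL, "userPassword", bound, PAULINA))
```

The rootdn is not modelled here; slapd does not apply access controls to it.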