Ticket 47653 - Need a way to allow users to create entries assigned to themselves.
Bug Description:
Users need to be able to create, edit and delete their own entries.
An entry (i.e. cn=token1_user1234,dc=example,dc=com) has an attribute (i.e. ipatokenOwner)
that contains the entry DN of the user (i.e. uid=user1234,dc=example,dc=com).
Being bound as 'uid=user1234,dc=example,dc=com', we should be able to
any ldap operation on 'user1234' entries like cn=token1_user1234.
Fix Description:
It adds a BindRule: SELFDN, implemented in DS_LASUserDnAttrEval (called by DS_LASUserAttrEval).
The syntax in the aci is :
<userattr> = <attribute>#SELFDN
If the BindDN (lasinfo.clientDn) exists in entry.<attribute>
(lasinfo.resourceEntry[attrName]), then the aci matched
https://fedorahosted.org/389/ticket/47653
Reviewed by: Ludwig Krispenz, Rich Megginson
Platforms tested: F17/F19(jenkins)
Flag Day: no
Doc impact: no