Ownership of LDAP directory objects
Each object in your LDAP directory has at least one owner. Object owners have the power to delete the object. Owners and the server administrator are the only users that can change the ownership properties and the access control list (ACL) attributes of an object. Ownership of objects can be either inherited or explicit.
To assign ownership, do one of the following:
- Explicitly set up ownership for a specific object.
- Specify that objects inherit their owners from objects higher up in the LDAP directory hierarchy.
Directory Server allows you to specify multiple owners for the same object. You can also specify that an object owns itself by including the special DN cn=this in its list of object owners. For example, assume that the object cn=A has the owner cn=this. Any user who connects to the server as cn=A then has owner access to the cn=A object.
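The following Python sketch is an added example, not Directory Server code: it models the rules above so you can audit which bind DNs end up with owner access (delete, change owners and ACL) to an entry. The sample entries, the administrator DN `cn=administrator`, the nearest-ancestor inheritance rule, and evaluating an inherited cn=this against the entry being accessed are all assumptions made for the illustration.

```python
# Simplified model of explicit and inherited ownership (added example).
# Assumptions: an entry without explicit owners inherits from the nearest
# ancestor that has them, and cn=this is evaluated against the target entry.
# DNs with escaped commas are not handled.

ADMIN_DN = "cn=administrator"  # hypothetical server administrator DN

# Constructed sample directory: entry DN -> explicitly set owners.
EXPLICIT_OWNERS = {
    "o=sample": ["cn=dirowner,o=sample"],
    "ou=people,o=sample": ["cn=hr,o=sample", "cn=this"],
    "cn=a,ou=people,o=sample": ["cn=this"],
}

def norm(dn):
    """Normalize a DN for comparison: lower-case, trim spaces around RDNs."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def parent(dn):
    """Return the parent DN, or None when dn has no parent."""
    _, sep, tail = norm(dn).partition(",")
    return tail if sep else None

def effective_owners(dn, explicit=EXPLICIT_OWNERS):
    """Return (owners, source_dn): explicit owners if set, else inherited."""
    table = {norm(k): v for k, v in explicit.items()}
    cur = norm(dn)
    while cur is not None:
        if table.get(cur):
            return [norm(o) for o in table[cur]], cur
        cur = parent(cur)
    return [], None

def has_owner_access(bind_dn, target_dn, explicit=EXPLICIT_OWNERS):
    """True if bind_dn may delete target_dn or change its owners and ACL."""
    bind, target = norm(bind_dn), norm(target_dn)
    if bind == norm(ADMIN_DN):
        return True  # the server administrator always qualifies
    owners, _ = effective_owners(target, explicit)
    # cn=this stands for the entry itself.
    return any((target if o == "cn=this" else o) == bind for o in owners)
```

In this model an explicit owner list replaces the inherited one, so `cn=hr,o=sample` owns the other entries under `ou=people,o=sample` but not `cn=a,ou=people,o=sample`.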