(ITS#4552)

ando (AT) sys-net (DOT) it wrote:
Wed, 2006-05-17 at 20:03 +0000, ashish (AT) ratboy (DOT) net wrote:
>I think there should be a way for regular users to add the tlds, as we
>do not want the rootdn/rootpw to be used, because these entries live in
>the configuration file.
>
>
Strictly speaking, the suffix entry must be created only once in the
life of a database, when it is created.
If you're creating it from scratch, you could add the suffix entry
before starting slapd, using slapadd.
The only case I can foresee where you need to add the suffix entry of a
database when slapd is already running is for databases added via
back-config. In that case, you can use back-config to temporarily configure
the rootdn and then remove it when the suffix entry is done.
Besides this, I concur that the creation of the suffix entry by a
regular user could be allowed, subject to appropriate restrictions by
means of ACLs, and possibly to some special control (like the
manageDIT).
This doesn't seem like a case that requires special controls. He's not
creating the suffix entry, the suffix is "" and he's creating regular
children of that virtual suffix.
Please test the patch in back-bdb/add.c 1.153 -1.154.