
ACLs for add, delete, modrdn LDBM operations



I've been digging around our ldbm add/delete code and I found
that we require parent write access to attr "children" to add a child
entry but we do not require parent write access to delete same.

I believe write permission to the entry should only allow the
entry itself to be modified, but not deleted or modrdn'ed.

Unless I'm missing something, modrdn doesn't appear to do any
ACL enforcement.  I believe we should require permission to
write to the parent's "children" attr to change the rdn of a
child.

Comments?

Kurt
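
The asymmetry raised in the message above, as an added example that is not part of the original post and is not slapd or back-ldbm code: a toy model comparing the checks as described with the proposed ones for a user who holds write access only to their own entry. The grant tuples, the "entry" label, the sample DNs, and the treatment of delete (gated by entry write today, by the parent's "children" under the proposal) are assumptions of this model.

```python
# Added illustration: a toy access-check model, not slapd/back-ldbm code.
OPS = ("add", "delete", "modrdn")

def parent_dn(dn):
    # Naive split; adequate for the constructed DNs below (no escaped commas).
    return dn.split(",", 1)[1]

def can_write(grants, who, dn, attr):
    # grants: set of (who, dn, attr) tuples that carry write access.
    return (who, dn, attr) in grants

def check_observed(grants, who, op, dn):
    """Checks as the post describes the existing behaviour."""
    if op == "add":
        return can_write(grants, who, parent_dn(dn), "children")
    if op == "delete":
        # Assumption: write access to the entry itself is what gates delete.
        return can_write(grants, who, dn, "entry")
    if op == "modrdn":
        return True  # the post reports no ACL enforcement here
    raise ValueError(f"unknown operation: {op}")

def check_proposed(grants, who, op, dn):
    """Proposal as modelled: all three need write on the parent's "children"."""
    if op not in OPS:
        raise ValueError(f"unknown operation: {op}")
    return can_write(grants, who, parent_dn(dn), "children")

def compare(grants, who, dn):
    # Map each operation to (allowed under observed, allowed under proposed).
    return {op: (check_observed(grants, who, op, dn),
                 check_proposed(grants, who, op, dn)) for op in OPS}

# Constructed sample data: alice may write her own entry only; the admin
# may write alice's entry and the "children" attr of ou=people.
PEOPLE = "ou=people,dc=example,dc=com"
ALICE = "uid=alice," + PEOPLE
ADMIN = "cn=admin,dc=example,dc=com"
GRANTS = {
    (ALICE, ALICE, "entry"),
    (ADMIN, ALICE, "entry"),
    (ADMIN, PEOPLE, "children"),
}

if __name__ == "__main__":
    for who in (ALICE, ADMIN):
        for op, (old, new) in compare(GRANTS, who, ALICE).items():
            print(f"{who:28} {op:7} observed={old!s:5} proposed={new}")
```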