[Date Prev][Date Next] [Chronological] [Thread] [Top]

ITS#4556 ACLs for new entries

To: OpenLDAP Devel <openldap-devel@openldap.org>
Subject: ITS#4556 ACLs for new entries
From: Howard Chu <hyc@symas.com>
Date: Fri, 21 Sep 2007 09:00:37 -0700
User-agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.9a8pre) Gecko/2007091708 SeaMonkey/2.0a1pre

Revisiting this topic - DITStructureRules are not a solution to this problem. E.g. in cn=config, now that you can grant write access to arbitrary users, it becomes pretty critical to be able to prevent certain users from creating certain types of objects. E.g., I may want to allow someone to be able to create one type of child object under cn=config (e.g., databases) but not some other type (e.g., modules). So at the very least we need to be able to use ACL filters on new entries. -- -- Howard Chu Chief Architect, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Prev by Date: Re: HEADS UP: Attribute changes
Next by Date: Re: HEADS UP: Attribute changes
Index(es):
- Chronological
- Thread