[Date Prev][Date Next] [Chronological] [Thread] [Top]

realizing 4 eye principle - how?

To: OpenLDAP Software <openldap-software@OpenLDAP.org>
Subject: realizing 4 eye principle - how?
From: Heiko Nardmann <h.nardmann@secunet.de>
Date: Tue, 23 Jan 2001 13:15:37 +0100
Organization: secunet Security Networks AG

I want to realize a 4 eye principle, i.e., one administrator can create
empty entries inside the LDAP tree but cannot set attributes; the other
one can fill already existing
entries with attribute values but cannot create new ones.

Is this possible with OpenLDAP 2.0.7?

I have looked at the access control stuff but to me it seems to be
impossible at the current state.

--
Heiko Nardmann (Dipl.-Ing.), h.nardmann@secunet.de, Software Development

secunet Security Networks AG - Sicherheit in Netzwerken
(www.secunet.de),
Weidenauer Str. 223-225, D-57076 Siegen
Tel. : +49 271 48950-13, Fax  : +49 271 48950-50

Follow-Ups:
- Re: realizing 4 eye principle - how?
  - From: "Kurt D. Zeilenga" <Kurt@OpenLDAP.org>

Prev by Date: Re: compiling and berkeley db
Next by Date: Re: OpenLDAP vs NetScape
Index(es):
- Chronological
- Thread