
Q: acl problem?



I want to define a set of ACL rules that say that someone (a local 
administrator) is able to add attributes to an entry but is not able to 
delete or add the whole entry (which is part of a subtree).
Entries are created by the global administrator.

How can I achieve this?

E.g.

access to dn.children="o=myorg,c=de"
	??? (what kind of attribute definition?)
	by dn="cn=globalAdmin" read stop
	by dn="cn=localAdmin" read stop

-- 
Heiko Nardmann (Dipl.-Ing.), h.nardmann@secunet.de, Software Development
secunet Security Networks AG - Sicherheit in Netzwerken (www.secunet.de),
Weidenauer Str. 223-225, D-57076 Siegen
Tel. : +49 271 48950-13, Fax  : +49 271 48950-50