
ACL issue with dnattr



I've included the following ACL in my slapd.conf file.

access to dn=".*,ou=exampleGroups,dc=([^,]+),dc=([^,]+)"
       by dnattr=owner write
       by * read

access to dn="ou=exampleGroups,dc=([^,]+),dc=([^,]+)"
       by dnattr=owner write
       by * read


With this, I've found no problems editing an existing entry under ou=exampleGroups,dc=foobar,dc=com when bound with the DN of an owner. (No other ACL grants the bound connection any rights other than read.)


However, I am unable to delete the entry when bound as the owner. I'm running OpenLDAP 2.0.23.

Is this a bug?
Is there a work-around?