
Re: group ACL Problems, disallow deletion of an object



Oliver Heinz wrote:

Pierangelo Masarati wrote:

...
however this would inhibit object creation as well. And the rootdn would have write permissions anyway.


I don't see any other possibility at the moment.


Thanks a lot, that was the information I needed. I feel guilty, seems I hadn't read the man page thoroughly enough ;-)



2 ACLs, one with each possible attribute in the attribute line and the rule that allows to write followed by one without an attribute line with read permissions?



BTW: is anybody aware of a patch/fix for the upper problem (which would obviously make my workaround obsolete)?



2.1 is not going to be fixed any more, unless any volunteer comes out with a fix that can be hosted in the ITS. I'm curious if by any chance the problem still occurs in 2.2; can you check? And, in case, would you mind filing an ITS?


I'll check with 2.2 (but probably not before weekend). Right now moving to 2.2 does not seem to be an option for us, I was just hoping that there was a fix for 2.1. The only chance for upgrading the ldap-master to 2.2 would be if we don't have to upgrade the slaves too (which probably "should" work I guess, but for production environment I would prefer to test, not to guess ;-) - we use slurpd replication)

2.2 replicating to 2.1 __SHOULD__ work; you may need to force the removal of some operational attributes that are not supported in 2.1, e.g. entryUUID, entryCSN and so on. I have never felt the need to make it work, but I guess it might be useful to somebody, so if anyone succeeded, please post a FAQ.


p.



   SysNet - via Dossi,8 27100 Pavia Tel: +390382573859 Fax: +390382476497