[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ACL for DIT structure rules
On Mon, Dec 15, 2008 at 07:40:15PM +0100, Michael Ströder wrote:
> But my suggestion was rather that you write up something about how to
> emulate DIT structure rules with ACLs as you already did in this thread
> here:
>
> http://www.openldap.org/lists/openldap-technical/200812/msg00016.html
>
> My hint about DIT content rules was my response to the limitation of
> your approach you mentioned here:
>
> http://www.openldap.org/lists/openldap-technical/200812/msg00038.html).
For complete control you need content rules as well as ACLs, though
setting add_content_acl helps a lot. Even then it could be awkward to
selectively delegate the ability to use a particular aux class.
I have written up the structure control example here:
http://www.openldap.org/faq/data/cache/1474.html
Andrew
--
-----------------------------------------------------------------------
| From Andrew Findlay, Skills 1st Ltd |
| Consultant in large-scale systems, networks, and directory services |
| http://www.skills-1st.co.uk/ +44 1628 782565 |
-----------------------------------------------------------------------