[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL to allow an attribute to be cleared, but not changed to something else?

To: Pierangelo Masarati <masarati@aero.polimi.it>
Subject: Re: ACL to allow an attribute to be cleared, but not changed to something else?
From: Tim Gustafson <tjg@soe.ucsc.edu>
Date: Thu, 1 Jul 2010 08:48:28 -0700 (PDT)
Cc: openldap-technical@openldap.org
In-reply-to: <4C2C610D.4010202@aero.polimi.it>

> If you mean a normal user which application-wise is granted
> higher privileges by ACLs, you need to make use of the granular
> "a" (add) and "z" (zap) privileges (their union is "w", write).

Pardon my thickness, but the documentation at http://www.openldap.org/doc/admin24/access-control.html specifically calls out the possible values of the "level" part of the ACL clause:

<level> ::= none | disclose | auth | compare | search | read | write | manage

Is this an undocumented feature?  Should perhaps the documentation be updated, or maybe an example of this sort of ACL included in the examples section?

Tim Gustafson
Baskin School of Engineering
UC Santa Cruz
tjg@soe.ucsc.edu
831-459-5354

Follow-Ups:
- Re: ACL to allow an attribute to be cleared, but not changed to something else?
  - From: Quanah Gibson-Mount <quanah@zimbra.com>
- Re: ACL to allow an attribute to be cleared, but not changed to something else?
  - From: Jonathan Clarke <jonathan@phillipoux.net>

References:
- Re: ACL to allow an attribute to be cleared, but not changed to something else?
  - From: Pierangelo Masarati <masarati@aero.polimi.it>

Prev by Date: Re: intent of pwdGraceAuthNLimit when using ppolicy overlay
Next by Date: Openldap client can't see users
Index(es):
- Chronological
- Thread