
Re: Copying entries without access to all attributes



On 22/3/2012 3:06 PM, Nick Milas wrote:


In case we have entries which include some (administrative) attributes not visible or writable by a number of our administrator accounts, is there a way to allow these administrator accounts to create new entries which will forcibly include the aforementioned attributes, e.g. by providing default values to them? Ideally, these default attribute values should be dependent on the logged-in user (administrator).

{In practice, these admins will be using a GUI to copy existing entries to new ones; we want to make sure that any non-visible/non-writable attributes will also be copied.}

Any hint regarding such an implementation would be appreciated.

Of course, we could create a front-end application where such operations would be executed with elevated privileges so as to ensure writing of any required attributes, but it would be nice if this is possible without resorting to such a solution (by using standard openldap functionality).


Having researched this a bit further, I see we can make these administrative attributes simply readable (but not invisible), and use "add_content_acl=no" (which is the default) to allow creation of new entries with even non-writable (by the respective administrator) attributes.

But is there a way to do it with invisible attributes too?

Please advise.

Thanks,
Nick
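
Added example, not part of the original message: a slapd.conf fragment for the readable-but-not-writable case described above. The suffix `dc=example,dc=com`, the attribute `adminNote` and the group DN are hypothetical placeholders. It covers only the readable case, not the invisible-attribute question.

```conf
# Placed inside the relevant database section of slapd.conf.

# Default setting, shown explicitly: an Add is checked only against the
# "entry" pseudo-attribute of the new entry and the "children"
# pseudo-attribute of its parent, not against each attribute in the
# entry being added (see slapd.access(5)).
add_content_acl off

# Administrative attribute: delegated admins may read it (so a GUI can
# copy its value) but cannot change it with a Modify operation.
# This rule comes first because the first matching "access to" wins.
access to dn.subtree="ou=people,dc=example,dc=com" attrs=adminNote
    by group.exact="cn=delegated-admins,ou=groups,dc=example,dc=com" read
    by * none

# Everything else under the subtree, including the "entry" and
# "children" pseudo-attributes that an Add operation requires.
access to dn.subtree="ou=people,dc=example,dc=com"
    by group.exact="cn=delegated-admins,ou=groups,dc=example,dc=com" write
    by * read
```

With `add_content_acl on`, the same Add would also need add (`=a`) access to every attribute in the new entry, so it would be refused for `adminNote`.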