[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: (ITS#4552)

To: openldap-its@OpenLDAP.org
Subject: Re: (ITS#4552)
From: ando@sys-net.it
Date: Wed, 17 May 2006 20:30:09 GMT

On Wed, 2006-05-17 at 20:03 +0000, ashish@ratboy.net wrote:
> I think there should be a way for regular users to add the tlds, as we
> do not want the rootdn/rootpw to be used, because these entries live in
> the configuration file.

Strictly speaking, the suffix entry must be created only once in the
life of a database, when it is created.

If you're creating it from scratch, you could add the suffix entry
before starting slapd, using slapadd.

The only case I can foresee where you need to add the suffix entry of a
database when slapd is already running is for databases added via back-
config.  In that case, you can use back-config to temporarily configure
the rootdn and then remove it when the suffix entry is done.

Besides this, I concur that the creation of the suffix entry by a
regular user could be allowed, subjected to appropriate restrictions by
means of ACLs, and possibly to some special control (like the
manageDIT).

p.

Ing. Pierangelo Masarati
Responsabile Open Solution
OpenLDAP Core Team

SysNet s.n.c.
Via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
------------------------------------------
Office:   +39.02.23998309          
Mobile:   +39.333.4963172
Email:    pierangelo.masarati@sys-net.it
------------------------------------------

Prev by Date: (ITS#4552)
Next by Date: (ITS#4553) ldap_dump_connection does not use Debug() macro but writes to stderr directly
Index(es):
- Chronological
- Thread