Re: (ITS#4552)



ando@sys-net.it wrote:
> On Wed, 2006-05-17 at 20:03 +0000, ashish@ratboy.net wrote:
>   
>> I think there should be a way for regular users to add the tlds, as we
>> do not want the rootdn/rootpw to be used, because these entries live in
>> the configuration file.
>>     
>
> Strictly speaking, the suffix entry must be created only once in the
> life of a database, when it is created.
>
> If you're creating it from scratch, you could add the suffix entry
> before starting slapd, using slapadd.
>
> The only case I can foresee where you need to add the suffix entry of a
> database when slapd is already running is for databases added via back-
> config.  In that case, you can use back-config to temporarily configure
> the rootdn and then remove it when the suffix entry is done.
>
> Besides this, I concur that the creation of the suffix entry by a
> regular user could be allowed, subjected to appropriate restrictions by
> means of ACLs, and possibly to some special control (like the
> manageDIT).
>   

This doesn't seem like a case that requires special controls. He's not
creating the suffix entry; the suffix is "" and he's creating regular
children of that virtual suffix.

Please test the patch in back-bdb/add.c 1.153 -> 1.154.

-- 
  -- Howard Chu
  Chief Architect, Symas Corp.  http://www.symas.com
  Director, Highland Sun        http://highlandsun.com/hyc
  OpenLDAP Core Team            http://www.openldap.org/project/