[Date Prev][Date Next]
Re: (ITS#7795) "manage" access right needs better description
--On Friday, January 31, 2014 5:11 PM +0000 firstname.lastname@example.org wrote:
> quanah@OpenLDAP.org wrote:
>> What does administrative access mean?
> I can't describe the full meaning, only a specific use case:
> In some deployments I grant certain admins the right to remove
> 'pwdHistory' attribute from an entry. Since this is an operational
> attribute one has to grant also manage privilege for letting the client
> remove the attribute in case it sends the Relax Rules control along with
> the modify request.
> (yes, web2ldap implements this particular use case ;-)
> access to
> by group="cn=all-mighty admins,dc=example,dc=com" =zm
> by * none
> AFAIK this also applies to altering other operational attributes by using
> Relax Rules control.
> Maybe you can take this as a start for a more general text.
Great example, thanks!
Architect - Server
Zimbra :: the leader in open source messaging and collaboration