[Date Prev][Date Next]
RE: ACL changes for add/delete/rename and back-shell
What does entry write access mean when adding an entry? This lets you set up
an ACL that says someone can/cannot create a specific entry?
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-devel@OpenLDAP.org
> [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Kurt
> D. Zeilenga
> Sent: Tuesday, October 08, 2002 11:16 AM
> To: openldap-devel@OpenLDAP.org
> Subject: ACL changes for add/delete/rename and back-shell
> I've tweaked the ACL system for both back-bdb and back-ldbm
> to require "entry" write access to the entry being added,
> deleted, or renamed. Write access to the parent's (or parents')
> "children" is still required. This, especially when combined
> with the filter clause, can provide finer grained control
> on who can add, delete, rename what where.
> I've also modified back-shell to provide "entry-level"
> ACLs for all operations. This likely should be extended
> to other programmable backends (an exercise I will leave
> to others).