ACL, delete and children
I want to allow members of a group to add entries in, for example, dc=com, but I want to allow deletion of dc=aa,dc=com only by
members of the group dc=aa,dc=com.
This doesn't seem to be possible, as the children attribute is used for both add and delete.
I tried this ACL:
# For creation in the dc=XX,dc=YY tree and write access to dc=XX,dc=com
access to dn="dc=(.*),dc=(.*),o=sbuilders"
        by group="dc=$1,dc=$2,o=sbuilders" write
        by * none
# For creation in dc=YY
access to dn="dc=(.*),o=sbuilders"
        by group="cn=add-access,ge=tld,ou=groups,o=sbuilders" write
        by * none
Is there a way to do what I want?
If not, would it be possible to add other attributes like children (maybe children-add and children-delete) which would be tested
for add or delete operations before testing the children attribute? (I don't know whether ACL design is part of the LDAP RFCs or
whether it is a "free" part.)
Manuel GUESDON - SOFTWARE BUILDERS <email@example.com>
http://www.sbuilders.com PGP Key Id: 12C3E391
PGP Signed/Encrypted mails preferred
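The split the poster asks for exists in later OpenLDAP releases: slapd.access(5) in OpenLDAP 2.4 and later divides the write privilege into add (=a) and delete (=z), and the children and entry pseudo-attributes are checked with those privileges, so an ACL can grant a group the right to create a subtree without the right to delete it. The fragment below is an added example written for this page, not the poster's configuration or anything from the OpenLDAP project; it assumes OpenLDAP 2.4 syntax (dn.regex, group.expand, =a), reuses the suffix and group DNs from the post as-is (including the cn=add-access group DN), and assumes, as the post does, that each dc=XX,dc=YY,o=sbuilders entry is itself a group whose members own that subtree.

```text
# dc=XX,dc=YY,o=sbuilders and everything below it (added example; OpenLDAP 2.4 syntax).
# The entry itself is a group (as in the post): its members get write, which in 2.4
# means add and delete (=az).  The add-access group gets add only (=a): enough to
# create dc=XX,dc=YY and entries under it with ldapadd, not enough to delete any of them.
# Order matters: this more specific clause must come before the dc=YY clause below.
access to dn.regex="^(.*,)?dc=([^,]+),dc=([^,]+),o=sbuilders$"
        by group.expand="dc=$2,dc=$3,o=sbuilders" write
        by group="cn=add-access,ge=tld,ou=groups,o=sbuilders" =a
        by * none

# dc=YY,o=sbuilders itself: the add-access group may create children under it
# (add on the children pseudo-attribute) but may not delete them (no =z granted).
access to dn.regex="^dc=([^,]+),o=sbuilders$" attrs=children
        by group="cn=add-access,ge=tld,ou=groups,o=sbuilders" =a
        by * none
```

With this in place, an ldapadd of dc=aa,dc=com,o=sbuilders by an add-access member needs add on the children pseudo-attribute of dc=com,o=sbuilders (second clause) and add on the attributes of the new entry (first clause), both granted; an ldapdelete of the same entry needs delete on the children pseudo-attribute of the parent and on the entry pseudo-attribute of the target, which only members of the dc=aa,dc=com,o=sbuilders group hold. The regexes are anchored with ^ and $ so that a DN such as dc=aa,dc=com,o=sbuilders,ou=other cannot match by accident, and the attrs=children restriction in the second clause keeps the add-access group from modifying the dc=YY entries themselves.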