[Date Prev][Date Next] [Chronological] [Thread] [Top]

realizing 4 eye principle - how?

I want to realize a 4 eye principle, i.e., one administrator can create
empty entries inside the LDAP tree but cannot set attributes; the other
one can fill already existing
entries with attribute values but cannot create new ones.

Is this possible with OpenLDAP 2.0.7?

I have looked at the access control stuff but to me it seems to be
impossible at the current state.

Heiko Nardmann (Dipl.-Ing.), h.nardmann@secunet.de, Software Development

secunet Security Networks AG - Sicherheit in Netzwerken
Weidenauer Str. 223-225, D-57076 Siegen
Tel. : +49 271 48950-13, Fax  : +49 271 48950-50