[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: having more privileged users



Tarjei Huse wrote:

> Hi,
>
> That was quite a fine bunch og acls you got there. How does the search
> permission work? I didn't know about it.

This page summarizes the syntax of the access directive
http://www.openldap.org/faq/data/cache/447.html

The rights and privileges are assumed to be self explanatory:
http://www.openldap.org/faq/data/cache/453.html

search privilege means that if you use a value in a filter
the filter can be successfully applied, but you cannot, for
instance, read that value. So a compare operation will
succeed if you use the correct value or fail if you use the
wrong one only if you have at least search permission on
that attribute. But if you have no search permission, the
compare will be in an undetermined state.

Pierangelo.

--
Dr. Pierangelo Masarati               | voice: +39 02 2399 8309
Dip. Ing. Aerospaziale                | fax:   +39 02 2399 8334
Politecnico di Milano                 | mailto:masarati@aero.polimi.it
via La Masa 34, 20156 Milano, Italy   | http://www.aero.polimi.it/~masarati