[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Access rights: prevent deletion ?

To: openldap-software@OpenLDAP.org
Subject: Re: Access rights: prevent deletion ?
From: Ace Suares <ace@suares.nl>
Date: Thu, 15 Apr 2004 22:17:30 -0400
Content-description: clearsigned data
Content-disposition: inline
In-reply-to: <m3fzb6jma8.fsf@marin.l4b.de>
Organization: Ace Suares' Internet Consultancy
References: <1081975135.2342.97.camel@digitus.olymp> <m3fzb6jma8.fsf@marin.l4b.de>
User-agent: KMail/1.5.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Off the cuff, something like:

access to dn.regex="^uid=.+,dc=example,dc=com$"
	by users read

access to dn.regex="dc=example,dc=com" attrs=children,entry
	by users write

access to dn.regex="dc=example,dc=com" 
	by users read


Toy around with that idea.

The idea is this:

If you haven't made 'uid=ace' yet, the first rule will NOT apply.

The second rule, let's you make children ;-)

The third rule stops people from modifying the top entry (of that branch).

Then, AFTER you made 'uid=ace', the next time you try to do something to that 
entry, the first rule will apply.

Interesting, eh ?

Some day, it worked, but in which version of OL and if that was considered 
broken, or not, I don't know. Just try and see.

_Ace

website: http://www.suares.nl * http://www.qwikzite.nl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQFAf0I6y7boE8xtIjURAiSdAJ9ghYFgwL8PHFuKbTafp6LLYzx7/gCePmdI
5yYN48uBHErzWdiSK445tSU=
=GPAs
-----END PGP SIGNATURE-----

References:
- Access rights: prevent deletion ?
  - From: Carsten Zerbst <carsten.zerbst@atlantec-es.com>
- Re: Access rights: prevent deletion ?
  - From: Dieter Kluenter <dieter@dkluenter.de>

Prev by Date: Re: Antwort: about back-perl [Virus checked]
Next by Date: Re: Antwort: about back-perl [Virus checked]
Index(es):
- Chronological
- Thread