[Date Prev][Date Next]
acls: restricting ADD operation with certain content/attributes
I have this ACL:
access to dn.sub="ou=dhcp,dc=example,dc=com"
by group.exact="cn=DHCP Admins,ou=Group,dc=example,dc=com" write
by group.exact="cn=DHCP Readers,ou=System Accounts,dc=example,dc=com" read
by * read
I was under the impression that this would only allow the creation of
entries under ou=dhcp if they had dhcpService or dhcpServer object
classes, but this assumption seems wrong.
So, my question is: is there a way to restrict creation of entries so
that only entries of a certain type (objectClass) can be created? It
seems the entry pseudo-attribute allows the creation of any kind of
entry. The most I could restrict is the RDN of the entry by specifying
it in the <what> clause.