[Date Prev][Date Next]
One more ACL question
I have a tree where each ou has a manager attribute containing the DN of
users allowed to perform some administrative operations:
I already have an ACL allowing managers to create and delete children in
the ou where they are listed as manager:
access to dn.regex="(ou=.+,o=home)$" attrs=children
by group/netExampleService/manager.expand="$1" write stop
by * read stop
Now I would like to restrict the delete operation to children that do
not have a given attribute set. i.e.: I want the ACL above to apply only
on children matching the filter (!(locked=TRUE))
Is it possible?
If it is not, is there a way to give the addition right without giving
the delete right?