Re: Authenticated users can create new entries but then only creator can modify entry
Michael Ströder wrote:
Howard Chu wrote:
Actually I was referring more to adding the ACL check; DIT structure rules are
really not the answer to this enhancement request.
Emmanuel Dreyfus wrote:
On Wed, Aug 06, 2008 at 09:38:52AM +0200, Pierangelo Masarati wrote:
Did you read slapd.access(5)? Did you read the requirements for the
add and modify operations? You need to add access to "entry" to
allow entry addition; you need to add access to attributes to allow
Speaking about that: how to allow entry creation while maintaining
constraints on what is being added? i.e.: if you want users to add entries,
but not with a specific attribute set?
Currently there's no checking for this.
It would probably be a good idea to add it.
I'd really like to see support for that. I know an LDAP client which will
be available for interop testing of DIT structure rules pretty soon. ;-)
I commented on this on -devel some months ago - for fine-grained delegation of
admin privileges, we really need to be able to control which users can create
what type of entries under cn=config.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/