Re: ACLs - allowing a user to add a new attribute



On 12/04/2010 19:14, Matt Ingram wrote:
> Hi All.
>
> We're trying to implement acls that will allow our Admins to modify the
> LDAP directory without using a generic admin account, and using their
> own credentials within LDAP. Our requirement is that the Admins can
> modify the mail, uid and userPassword attributes. Which I have working.
> Part of this also requires that the Admin has the ability to add those
> attributes. That does not work.
>
> We have our system automated so that HR creates a user and the basics
> are automatically populated into LDAP, however the mail, uid and
> userpassword attributes are not created at that time.
They just don't have any value, because they are optional attributes in the schema.

> What kind of an ACL do I need to allow the Admins to create the mail,
> uid and userPassword attributes?
You can't create them, you just need write perms to set them to some initial value.
--
BOFH excuse #348:

We're on Token Ring, and it looks like the token got loose.
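
As an added example (not part of the original thread): a slapd.conf fragment, assuming OpenLDAP, that gives a group of admins write access to only these three attributes, which is what a modify operation setting their first value needs. The group DN, the suffix and the sample entry in the comments are placeholders.

```conf
# Added example, assuming OpenLDAP slapd.conf syntax.
# cn=ldap-admins,ou=groups,dc=example,dc=com is a placeholder groupOfNames
# whose "member" values are the admins' own DNs.
#
# Giving an attribute its first value on an existing entry is an LDAP
# modify operation, not an entry add. slapd checks write access on the
# attribute being modified; no separate "create" right is involved.
#
# ACLs are evaluated in order and the first matching "access to" clause
# wins, so these must appear before any broader "access to *" rule.

# Password hashes: admins and the owner may write, anonymous may only
# use the value to authenticate (bind), nobody else sees it.
access to attrs=userPassword
    by group.exact="cn=ldap-admins,ou=groups,dc=example,dc=com" write
    by self write
    by anonymous auth
    by * none

# mail and uid: admins may write, everyone else keeps read access.
access to attrs=mail,uid
    by group.exact="cn=ldap-admins,ou=groups,dc=example,dc=com" write
    by * read

# Everything else stays read-only for the admins group, so their own
# credentials cannot be used to change other attributes or add entries.
access to *
    by * read

# With the rules above, an admin bound as their own DN can apply a
# change record like this one (constructed sample entry and values):
#
#   dn: cn=Jane Doe,ou=people,dc=example,dc=com
#   changetype: modify
#   add: mail
#   mail: jane.doe@example.com
#   -
#   add: uid
#   uid: jdoe
```

Running slapacl against the admin's DN and a target entry reports which clause matched, which helps confirm that the narrow rules are hit before any broader one.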