[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL: user who can just create but not delete entries



"Stefano Zanmarchi" <zanmarchi@gmail.com> writes:

> Hi,
> I'd like to create a special user ("cn=useradmin,dc=myorg,dc=com")
> whose task would be creating new entries under "ou=people,dc=myorg,dc=com".
>
> My problem is that useradmin will be used by a not completely trusted
> application.
> Can I prevent useradmin from deleting or modifying entries under
> "ou=people,dc=myorg,dc=com"?

man slapd.access(5), search for 'priv access model'.

-Dieter 

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6