[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Allowing users to add, but not delete, entries?

Gervase Markham wrote:

Summary: is it possible to configure access control such that users to
can add, but not delete, entries?

This is difficult, because as far as I can see the "write" permission
does not distinguish between adding and deleting.

Can someone tell me if this is possible?

Sounds to me like you haven't read the slapd.access(5) manpage.

The answer is "yes." Read the section on "THE <ACCESS> FIELD" in the manpage.

  -- Howard Chu
  CTO, Symas Corp.           http://www.symas.com
  Director, Highland Sun     http://highlandsun.com/hyc/
  Chief Architect, OpenLDAP  http://www.openldap.org/project/