
manage vs write



What access privileges over a particular suffix are granted to somebody with the "manage" level that somebody with the "write" level does not get?



As background, using 2.4.26:

This document specifies that somebody with the level "manage" gets everything else:

http://www.openldap.org/doc/admin24/access-control.html#The%20access%20to%20grant

On the other hand, slapd.access(5) specifies that "manage grants all access including administrative access. The write access is actually the combination of add and delete, which respectively restrict the write privilege to add or delete the specified <what>."

(I am very puzzled. It strikes me that once I can write (add/delete) any entry in a subtree I effectively manage it.)