[Date Prev][Date Next]
Re: manage vs write
> What access privileges over a particular suffix are granted to somebody
> with the "manage" level that somebody with the "write" level does not get?
> As background, using 2.4.26:
> This document specifies that somebody with the level "manage" gets
> everything else:
> On the other hand, slapd.access(5) specifies that "manage grants all
> access including administrative access. The write access is actually the
> combination of add and delete, which respectively restrict the write
> privilege to add or delete the specified <what>."
> (I am very puzzled. It strikes me that once I can write (add/delete) any
> entry in a subtree I effectively manage it.)
According to slapd.access(5), the "manage" privilege grants all usual
access privileges, plus administrative access. See for example
<draft-zeilenga-ldap-relax> and many more, e.g. writing (certain)
operational attributes and so.