[Date Prev][Date Next] [Chronological] [Thread] [Top]

Copying entries without access to all attributes


In case we have entries which include some (administrative) attributes not visible or writable by a number of our administrator accounts, is there a way to allow these administrator accounts to create new entries which will forcibly include the aforementioned attributes, e.g. by providing default values to them? Ideally, these default attribute values should be dependent on the logged-in user (administrator).

{In practice, these admins will be using a GUI to copy existing entries to new ones; we want to make sure that any non-visible/non-writable attributes will also be copied.}

Any hint regarding such an implementation would be appreciated.

Of course, we could create a front-end application where such operations would be executed with elevated privileges so as to ensure writing of any required attributes, but it would be nice if this is possible without resorting to such a solution (by using standard openldap functionality).