Re: Possible ppolicy override for other than rootDN

[Christian Kratzer <ck-lists@cksoft.de>]

Hi,

On Wed, 5 Jun 2013, Michael StrÃder wrote:
<snipp/>
> > So one would need to check for manage access to userPassword an if the
> > relax control rule has been sent in this request.
> >
> > I will try searching the code to see if any of that is readily accessible
> > in the context needed for the check.  I have not looked to deep in the
> > openldap code yet to fully understand the internal archicture.
>
> It's already done like this e.g. for write access to operational attribute
> 'pwdHistory'.

ok. Thanks for the pointer. I'll research and see if it possibly already
works that way.

Greetings
Christian

--
Christian Kratzer                      CK Software GmbH
Email:   ck@cksoft.de                  Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0          D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9          HRB 245288, Amtsgericht Stuttgart
Web:     http://www.cksoft.de/         Geschaeftsfuehrer: Christian Kratzer