[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL privilege for MOD_INCREMENT

To: openldap-technical@openldap.org
Subject: ACL privilege for MOD_INCREMENT
From: Michael Ströder <michael@stroeder.com>
Date: Tue, 20 Sep 2016 14:09:02 +0200
User-agent: Roundcube Webmail/1.2.1

HI!

Considering to use LDAP write operations with MOD_INCREMENT withpre-read-control for uidNumber/gidNumber generation I'd like to reducewrite access to an Integer attribute "nextID" to MOD_INCREMENT.(Uniqueness is achieved with slapo-unique anyway but still I'd like toavoid users messing with this attribute).

I suspect the ideal solution results in a feature request for a newprivilege "i". ;-)


access to
  attrs=nextID
    by group=... =ri

Or at least avoid that someone sets the value to a lower value.
Maybe this can be achieved with slapo-constraint.

Any more ideas?

Ciao, Michael.

Prev by Date: Re: Does everybody end up writing their own directory management programs?
Next by Date: How to move from hdb to mdb
Index(es):
- Chronological
- Thread