'Re: ACL: user who can just create but not delete entries'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       openldap-technical
Subject:    Re: ACL: user who can just create but not delete entries
From:       Dieter Kluenter <dieter () dkluenter ! de>
Date:       2008-08-21 17:09:25
Message-ID: 871w0ifg6y.fsf () magenta ! l4b ! de
[Download RAW message or body]

"Stefano Zanmarchi" <zanmarchi(a)gmail.com> writes:

> Hi,
> I'd like to create a special user ("cn=useradmin,dc=myorg,dc=com")
> whose task would be creating new entries under "ou=people,dc=myorg,dc=com".
>
> My problem is that useradmin will be used by a not completely trusted
> application.
> Can I prevent useradmin from deleting or modifying entries under
> "ou=people,dc=myorg,dc=com"?

man slapd.access(5), search for 'priv access model'.

-Dieter 

-- 
Dieter Klünter | Systemberatung
http://www.dkluenter.de
GPG Key ID:8EF7B6C6

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic