RE: ACL changes for add/delete/rename and back-shell
What does entry write access mean when adding an entry? This lets you set up
an ACL that says someone can/cannot create a specific entry?
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-devel@OpenLDAP.org
> [mailto:owner-openldap-devel@OpenLDAP.org]On Behalf Of Kurt
> D. Zeilenga
> Sent: Tuesday, October 08, 2002 11:16 AM
> To: openldap-devel@OpenLDAP.org
> Subject: ACL changes for add/delete/rename and back-shell
>
>
> I've tweaked the ACL system for both back-bdb and back-ldbm
> to require "entry" write access to the entry being added,
> deleted, or renamed. Write access to the parent's (or parents')
> "children" is still required. This, especially when combined
> with the filter clause, can provide finer grained control
> on who can add, delete, rename what where.
>
> I've also modified back-shell to provide "entry-level"
> ACLs for all operations. This likely should be extended
> to other programmable backends (an exercise I will leave
> to others).
>
> Kurt
>
>
>
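An added illustration, not part of the original thread and not OpenLDAP code: a simplified Python model of the rule described in the quoted message, where add, delete and rename need write access to the target's "entry" and to the parent's (or parents') "children", and a filter clause narrows which entries a rule covers. The DNs, the sample policy, the first-match evaluation and the exact-match filter are assumptions made for the example.

```python
# Simplified model of the check described above; not OpenLDAP source code.
# Assumptions: first matching rule decides, no match means no access,
# filters are exact attribute matches. Policy and DNs are constructed samples.
HR = "cn=hr,dc=example,dc=com"
PEOPLE = "ou=people,dc=example,dc=com"
ARCHIVE = "ou=archive,dc=example,dc=com"
RULES = [  # (subtree, filter, attribute or None for any, {who: level})
    (PEOPLE, {"objectClass": "inetOrgPerson"}, "entry", {HR: "write"}),
    (PEOPLE, None, "children", {HR: "write"}),
    ("", None, None, {"*": "read"}),
]
DIRECTORY = {  # entries that already exist
    PEOPLE: {"objectClass": "organizationalUnit"},
    ARCHIVE: {"objectClass": "organizationalUnit"},
    "cn=bob," + PEOPLE: {"objectClass": "inetOrgPerson"},
}

def parent(dn):
    return dn.split(",", 1)[1]

def can_write(who, dn, attrs, attr):
    """True if `who` has write access to pseudo-attribute `attr` of `dn`."""
    for subtree, flt, rule_attr, by in RULES:
        in_scope = subtree == "" or dn == subtree or dn.endswith("," + subtree)
        if not in_scope or rule_attr not in (None, attr):
            continue
        if flt and any(attrs.get(k) != v for k, v in flt.items()):
            continue
        return by.get(who, by.get("*", "none")) == "write"
    return False

def can_add(who, dn, attrs):
    # Both checks are required: "entry" on the new entry, "children" on its parent.
    p = parent(dn)
    return can_write(who, dn, attrs, "entry") and can_write(who, p, DIRECTORY[p], "children")

def can_delete(who, dn):
    return can_add(who, dn, DIRECTORY[dn])

def can_rename(who, dn, new_parent):
    # A move needs "children" write on the old and the new parent.
    parents = {parent(dn), new_parent}
    return can_write(who, dn, DIRECTORY[dn], "entry") and all(
        can_write(who, p, DIRECTORY[p], "children") for p in parents)

if __name__ == "__main__":
    print(can_add(HR, "cn=alice," + PEOPLE, {"objectClass": "inetOrgPerson"}))
    print(can_add(HR, "ou=sub," + PEOPLE, {"objectClass": "organizationalUnit"}))
    print(can_rename(HR, "cn=bob," + PEOPLE, ARCHIVE))
```

In this model the HR identity can create person entries under `ou=people` but not a sub-container there, and cannot move an entry into `ou=archive`, because "children" write on the parent alone no longer suffices.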