[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: R: Re: R: Enforcing attribute ACL on add operations

To: hyc@symas.com (Howard Chu)
Subject: Re: R: Re: R: Enforcing attribute ACL on add operations
From: manu@netbsd.org (Emmanuel Dreyfus)
Date: Sun, 28 Sep 2008 08:00:13 +0200
Cc: Pierangelo Masarati <ando@sys-net.it>, openldap-devel@openldap.org
In-reply-to: <48DF17D4.8010404@symas.com>
User-agent: MacSOUP/2.7 (unregistered for 617 days)

Howard Chu <hyc@symas.com> wrote:

> > 2) should modrdn be fixed the same way? Other operations?
> I'm not yet convinced. What's the scenario you see here?

I have the right to move users from a branch to another, but ACL
restrict some atttributes (e.g.: gidNumber) depending on the branch. A
modrdn allows me to circunvent the ACL.

That's a bit  far fetched, but I wonder if some setups could benefit
from such a check.

-- 
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org

References:
- Re: R: Re: R: Enforcing attribute ACL on add operations
  - From: Howard Chu <hyc@symas.com>

Prev by Date: Re: R: Re: R: Enforcing attribute ACL on add operations
Next by Date: R: Re: R: Re: R: Enforcing attribute ACL on add operations
Index(es):
- Chronological
- Thread