[Date Prev][Date Next] [Chronological] [Thread] [Top]

ACL, delete and children

To: openldap-software@OpenLDAP.org
Subject: ACL, delete and children
From: Manuel Guesdon <ml@sbuilders.com>
Date: Wed, 24 Nov 1999 18:40:05 +0000 ( )
Organization: Software Builders

Hello,

I want to allow member of a group to add entries in for exemple dc=com but I want to allow deletion of dc=aa,dc=com only by
members of group dc=aa,dc=com

This doesn't seems to be possible as children attr is used for add and delete.

I tried this ACL:

#For creation in dc=XX,dc=YY tree and write access to dc=XX,dc=com
access to dn="dc=(.*),dc=(.*),o=sbuilders"
	attr=children,entity
	by group="dc=$1,dc=$2,o=sbuilders" write
	by * none

#For creation in dc=YY
access to dn="dc=(.*),o=sbuilders"
	attr=children
	by group="cn=add-access,ge=tld,ou=groups,o=sbuilders" write
	by * none



Is there a way to do what I want  ?

If not, is it possible to add anothers attributes like children (may be children-add and children-delete) which will be tested
for add or delete operation before testing children attribute (I don't know if ACL design are parts of the ldap RFC or if it's
a "free" part).


Thank you.

Manuel


--
____________________________________________________________________
Manuel GUESDON  -  SOFTWARE BUILDERS        <mguesdon@sbuilders.com>
http://www.sbuilders.com                        PGP Key Id: 12C3E391
PGP Signed/Encrypted mails prefered

Follow-Ups:
- Re: ACL, delete and children
  - From: "Kurt D. Zeilenga" <kurt@boolean.net>

Prev by Date: ldapsearch from list
Next by Date: Re: What is T.61 (Was: Chinese Character)
Index(es):
- Chronological
- Thread