ACL, delete and children
Hello,
I want to allow members of a group to add entries in, for example, dc=com, but I want to allow deletion of dc=aa,dc=com only by members of group dc=aa,dc=com.
This doesn't seem to be possible, as the children attr is used for add and delete.
I tried this ACL:
# For creation in dc=XX,dc=YY tree and write access to dc=XX,dc=com
access to dn="dc=(.*),dc=(.*),o=sbuilders"
    attr=children,entry
    by group="dc=$1,dc=$2,o=sbuilders" write
    by * none

# For creation in dc=YY
access to dn="dc=(.*),o=sbuilders"
    attr=children
    by group="cn=add-access,ge=tld,ou=groups,o=sbuilders" write
    by * none
Is there a way to do what I want?
If not, is it possible to add other attributes like children (maybe children-add and children-delete) which will be tested for add or delete operations before testing the children attribute? (I don't know if ACL design is part of the LDAP RFC or if it's a "free" part.)
Thank you.
Manuel
--
____________________________________________________________________
Manuel GUESDON - SOFTWARE BUILDERS <mguesdon@sbuilders.com>
http://www.sbuilders.com PGP Key Id: 12C3E391
PGP Signed/Encrypted mails preferred