RE: ACL issue with dnattr
Deleting an entry also requires write access to the "children"
pseudo-attribute of the parent entry.
-- Howard Chu
Chief Architect, Symas Corp. Director, Highland Sun
http://www.symas.com http://highlandsun.com/hyc
Symas: Premier OpenSource Development and Support
> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Michael
> Donnelly
> Sent: Wednesday, March 27, 2002 3:22 PM
> To: Michael Donnelly
> Cc: OpenLDAP Mailling List
> Subject: Re: ACL issue with dnattr
>
>
> A little more clarification.
>
> a) The owners are set on children of ou=exampleGroups, not on the
> OU entry.
> b) I cannot remove a child entry when bound with the DN (as stored in
> owner) for that child entry.
>
> Michael Donnelly wrote:
>
> > I've included the following ACL into my slapd.conf file.
> >
> > access to dn=".*,ou=exampleGroups,dc=([^,]+),dc=([^,]+)"
> > by dnattr=owner write
> > by * read
> >
> > access to dn="ou=exampleGroups,dc=([^,]+),dc=([^,]+)"
> > by dnattr=owner write
> > by * read
> >
> >
> > With this, I've found no problems editing an existing entry under
> > ou=exampleGroups,dc=foobar,dc=com when bound with the DN of an owner.
> > (No other ACL grants the bound connection any rights other than read.)
> >
> > However, I am unable to delete the entry when bound as the owner. I'm
> > running OpenLDAP 2.0.23
> >
> > Is this a bug?
> > Is there a work-around?
> >
> >
> >
> >
>
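The fix described in the reply, as an added slapd.conf sketch that is not part of the original thread: a rule on the parent's "children" pseudo-attribute, placed ahead of the existing rules. The `by users write` grant (any authenticated DN) and the `^`/`$` anchors are assumptions; the child rule is the one from the original post.

```conf
# Added example, not from the thread. Order matters: slapd applies the first
# "access to" clause whose target matches, then the first matching "by".

# 1. Parent entry only (regex anchored), "children" pseudo-attribute.
#    Deleting an entry below ou=exampleGroups needs write here; adding an
#    entry below it needs the same right, so this grant covers both.
#    "users" (any authenticated DN) is an assumption: the owner attribute
#    lives on the children, so dnattr=owner cannot match on the parent.
#    "attr=" is the 2.0-era spelling; later releases document it as "attrs=".
access to dn="^ou=exampleGroups,dc=([^,]+),dc=([^,]+)$" attr=children
        by users write
        by * read

# 2. Child entries, as in the original post. The owner still needs write
#    on the child itself, which is what limits a delete to owned entries.
access to dn=".*,ou=exampleGroups,dc=([^,]+),dc=([^,]+)"
        by dnattr=owner write
        by * read

# 3. All other attributes of the parent entry, as in the original post.
access to dn="^ou=exampleGroups,dc=([^,]+),dc=([^,]+)$"
        by dnattr=owner write
        by * read
```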