[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACL for only creating entry

To: openldap-software@OpenLDAP.org
Subject: Re: ACL for only creating entry
From: Ace Suares <ace@suares.nl>
Date: Mon, 15 Dec 2003 08:21:47 -0400
Content-description: clearsigned data
Content-disposition: inline
In-reply-to: <36568.131.175.154.56.1071485692.squirrel@webmail.sys-net.it>
Organization: Ace Suares' Internet Consultancy
References: <2048.209.16.240.20.1071481632.squirrel@mail.theoretic.com> <36568.131.175.154.56.1071485692.squirrel@webmail.sys-net.it>
User-agent: KMail/1.5.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



> This rule is totally unnecessary.  It has nothing to do with
> access to users, i.e entries below "ou=users,dc=theoretic,dc=com.

See other mail.

>
> With the first rule on top you gave webregister write access
> only to the "entry" meta-attribute, which is totally meaningless.

Thank you!
It's not so meaninless in my experience !
But then again, I get fooled unlimitless by ACL's.

>
> Then webregister will have write access only below the
> "ou=users,dc=example,dc=com" subtree.

That's NOT the goal!
The goal is that webregister can write something and then later NOT read it.

I believe it's possible, from my experiments - however, I don't understand the 
theory behind it. If you can debunk the theory, I'd be glad - but please do 
it with 'exact science' ;-)

website: http://www.suares.nl * http://www.qwikzite.nl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQE/3addy7boE8xtIjURAriHAKC1J2q44lrBEmGMtwaebGpcc8DDUgCdHgLG
BD5S4mdhhbw3viPpay4/1k0=
=ZHa1
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: ACL for only creating entry
  - From: "Pierangelo Masarati" <ando@sys-net.it>

References:
- ACL for only creating entry
  - From: <adamtheo@theoretic.com>
- Re: ACL for only creating entry
  - From: "Pierangelo Masarati" <ando@sys-net.it>

Prev by Date: RE: thread problems w/ slurpd
Next by Date: Re: ACL for only creating entry
Index(es):
- Chronological
- Thread