[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re: ACL for only creating entry
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
>> This rule is totally unnecessary. It has nothing to do with
>> access to users, i.e entries below "ou=users,dc=theoretic,dc=com.
>
> See other mail.
>
>>
>> With the first rule on top you gave webregister write access
>> only to the "entry" meta-attribute, which is totally meaningless.
>
> Thank you!
> It's not so meaninless in my experience !
Not in general, but in this case, yes.
> But then again, I get fooled unlimitless by ACL's.
>
>>
>> Then webregister will have write access only below the
>> "ou=users,dc=example,dc=com" subtree.
>
> That's NOT the goal!
> The goal is that webregister can write something and then later NOT read
> it.
then do
access to dn.regex="uid=([^,]+),ou=users,dc=example,dc=com"
by dn.exact="uid=webregister,..." =xcsw
p.
--
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it