
Re: ACL for only creating entry



>> This rule is totally unnecessary.  It has nothing to do with
>> access to users, i.e. entries below "ou=users,dc=theoretic,dc=com".
>
> See other mail.
>
>>
>> With the first rule on top you gave webregister write access
>> only to the "entry" meta-attribute, which is totally meaningless.
>
> Thank you!
> It's not so meaningless in my experience!

Not in general, but in this case, yes.

> But then again, I get fooled limitlessly by ACLs.

>
>>
>> Then webregister will have write access only below the
>> "ou=users,dc=example,dc=com" subtree.
>
> That's NOT the goal!
> The goal is that webregister can write something and then later NOT read
> it.

Then do:

access to dn.regex="uid=([^,]+),ou=users,dc=example,dc=com"
    by dn.exact="uid=webregister,..." =xcsw

p.

-- 
Pierangelo Masarati
mailto:pierangelo.masarati@sys-net.it
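
Added example, not part of the original message and not OpenLDAP code: a small Python model of how the `=xcsw` privilege set in the rule above differs from the named level `write`, and which entry DNs the unanchored `dn.regex` covers. The bind DN suffix, the sample entries and the helper names are constructed for illustration; only the flags d, x, c, s, r, w, m are modelled, and `dn.exact` is approximated by a case-insensitive string compare.

```python
import re

# Privilege flags per slapd.access(5); a named level implies every lower one.
# Assumption: only d,x,c,s,r,w,m are modelled, no finer-grained flags.
LEVELS = {"none": "", "disclose": "d", "auth": "dx", "compare": "dxc",
          "search": "dxcs", "read": "dxcsr", "write": "dxcsrw",
          "manage": "dxcsrwm"}

# <what> pattern from the message. slapd does not anchor regexes implicitly,
# so re.search stands in for its POSIX regexec call.
WHAT = re.compile(r"uid=([^,]+),ou=users,dc=example,dc=com", re.IGNORECASE)
# Constructed bind DN: the message elides everything after "uid=webregister,".
WHO = "uid=webregister,ou=services,dc=example,dc=com"


def parse_privs(spec):
    """Return the flag set granted by a named level or an '=flags' spec."""
    if spec in LEVELS:
        return frozenset(LEVELS[spec])
    m = re.fullmatch(r"=([0dxcsrwm]+)", spec)
    if not m:
        raise ValueError(f"unsupported access spec: {spec!r}")
    return frozenset(m.group(1)) - {"0"}


def effective(target_dn, bind_dn, spec="=xcsw"):
    """Flags the rule gives bind_dn on target_dn, or None if it does not apply."""
    if not WHAT.search(target_dn):
        return None                      # slapd moves on to the next rule
    if bind_dn.lower() != WHO.lower():
        return frozenset()               # implicit trailing "by * none"
    return parse_privs(spec)


def can(flags, flag):
    """True if the rule applied and granted the given single-letter flag."""
    return flags is not None and flag in flags


if __name__ == "__main__":
    entry = "uid=alice,ou=users,dc=example,dc=com"      # constructed sample
    child = "cn=note," + entry                          # constructed sample
    for spec in ("=xcsw", "write"):
        f = effective(entry, WHO, spec)
        print(spec, "write:", can(f, "w"), "read:", can(f, "r"))
    print("child entry also matched:", effective(child, WHO) is not None)
```

Because the pattern has no `^` or `$`, the model also matches entries below a user entry; anchoring the pattern restricts the rule to the user entries themselves.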