[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: SOLVED Re: Can I do this with OpenLDAP acls?



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> access to attr=userPassword
>          by self write
>          by dnattr="masterAccount" write
>          by * auth

Interesting.

But then again, you'd need to update all accounts if you wanted to add another 
administrator. If you where using sets, or groups, you'd just add an 
attribute in the new administators entry (sets) or add the new administrators 
DN to the group (groups).

But it's a very interesting solution for some cases, especially where you have 
some setup where an account can create a limited number of subaccounts that 
are not directly under that account.

Good stuff!

_Ace

website: http://www.suares.nl * http://www.qwikzite.nl
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux)

iD8DBQFAgXI/y7boE8xtIjURAkdRAJ9qG4qIUQaj1M/6g/s0TmFREImikgCfUZ29
6P6Tr5bXQ55rUnFID0fxKII=
=Es/p
-----END PGP SIGNATURE-----