Pierangelo Masarati schrieb:
...
however this would inhibit object creation as well. And the rootdn would have write permissions anyway.
I don't see any other possibility at the moment.
I'll check with 2.2 (but probably not before weekend). Right now moving to 2.2 does not seem to be an option for us, I was just hoping that there was a fix for 2.1 . The only chance for upgrading the ldap-master to 2.2 would be if we don't have to upgrade the slaves too (which probably "should" work I guess, but for production environment I would prefer to test, not to guess ;-) - we use slurpd replication)
2 ACLs, one with each possible attribute in the attribute line and the rule that allows to write followed by one without an attribute line with read permissions?
BTW: is anybody aware of a patch/fix for the upper problem (which would obviously make my workaround obsolete)?
2.1 is not going to be fixed any more, unless any volunteer comes out with a fix that can be hosted in the ITS. I'm curious if by any chance the problem still occurs in 2.2; can you check? and, in case, would you mind filing an ITS?
Bye, Oliver