Re: Authenticated users can create new entries but then only creator can modify entry

[Michael Ströder <michael@stroeder.com>]

Howard Chu wrote:
> Emmanuel Dreyfus wrote:
> > On Wed, Aug 06, 2008 at 09:38:52AM +0200, Pierangelo Masarati wrote:
> > > Did you read slapd.access(5)?  Did you read the requirements for the 
> > > add and modify operations?  You need to add access to "entry" to 
> > > allow entry addition; you need to add access to attributes to allow 
> > > their modification.
> >
> > Speaking about that: how to allow entry creation while maintaining
> > constraints on what is being added? ie: if you want users to add entries,
> > but not with a specific attribute set?
> Currently there's no checking for this.
> http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=4556
>
> It would probably be a good idea to add it.

I'd really like to see support for that. I know a LDAP client which will 
be available for interop testing of DIT structure rules pretty soon. ;-)

Ciao, Michael.