Howard Chu wrote:Actually I was referring more to adding the ACL check; DIT structure rules are really not the answer to this enhancement request.Emmanuel Dreyfus wrote:On Wed, Aug 06, 2008 at 09:38:52AM +0200, Pierangelo Masarati wrote:Did you read slapd.access(5)? Did you read the requirements for the add and modify operations? You need to add access to "entry" to allow entry addition; you need to add access to attributes to allow their modification.Speaking about that: how to allow entry creation while maintaining constraints on what is being added? ie: if you want users to add entries, but not with a specific attribute set?
Currently there's no checking for this. http://www.openldap.org/its/index.cgi/Software%20Enhancements?id=4556
It would probably be a good idea to add it.
I'd really like to see support for that. I know a LDAP client which will be available for interop testing of DIT structure rules pretty soon. ;-)
Ciao, Michael.
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/