[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: ACLs - allowing a user to add a new attribute

To: openldap-software@openldap.org
Subject: Re: ACLs - allowing a user to add a new attribute
From: Guillaume Rousse <Guillaume.Rousse@inria.fr>
Date: Mon, 12 Apr 2010 23:46:07 +0200
In-reply-to: <4BC35500.4000806@cbnco.com>
References: <4BC35500.4000806@cbnco.com>
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; fr; rv:1.9.1.7) Gecko/20100111 Thunderbird/3.0.1

Le 12/04/2010 19:14, Matt Ingram a écrit :

Hi All.

We're trying to implement acls that will allow our Admins to modify the
LDAP directory without using a generic admin account, and using their
own credentials within LDAP. Our requirement is that the Admins can
modify the mail, uid and userPassword attributes. Which I have working.
Part of this also requires that the Admin has the ability to add those
attributes. That does not work.

We have our system automated so that HR creates a user and the basics
are automatically populated into LDAP, however the mail, uid and
userpassword attributes are not created at that time.

They just don't have any value, because they are optional attributes inthe schema.

What kind of an ACL do I need to allow the Admins to create the mail,
uid and userPassword attributes ?

You can't create them, you just need write perms to set them to someinitial value.

--
BOFH excuse #348:

We're on Token Ring, and it looks like the token got loose.

References:
- ACLs - allowing a user to add a new attribute
  - From: Matt Ingram <mingram@cbnco.com>

Prev by Date: ACLs - allowing a user to add a new attribute
Next by Date: ppolicy_hash_cleartext "recommendation" ?
Index(es):
- Chronological
- Thread