[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: Unclear attribute: entry



Klaus Ethgen <klaus+usenet@ethgen.de> writes:

> Hello,
>
> I have to admit that I do not know what exactly the entry attribute (and
> partly the children attribute too) is for. I know that it is needed to
> give access to any other attribute but that is not enough for me as I
> want to _know_ what it is for.
>
> Unfortunately I did not find a more clear description of this attribute
> than "scope limited to this entry" which is somewhat meaningless for me.
>
> So my question is what is the rights that are needed for which entry
> attribute (in tree) to allow read, write, search or other access to
> other attributes?
>
> Please excuse that I did crosspost this question to three groups as
> there is no user group and g.n.o.general is very empty so it was not
> clear if it is read at all.

entry and children are so called pseudo attributes. They are mainly
used to allow access to children of an entry. As example you have an
entry ou=users,dc=example,dc=com and want to allow access to children
of this entry but no read or write access to the entry itself, a rule
set could be

access to dn.onelevel=ou=users,dc=example,dc=com
       by users write
       by anonymous auth
access to dn.base=ou=users,dc=example,dc=com attrs=entry,children
       by users write
       by anonymous auth

-Dieter

-- 
Dieter Klünter | Systemberatung
sip: 7770535@sipgate.de 
http://www.dpunkt.de/buecher/2104.html
GPG Key ID:8EF7B6C6