OpenLDAP create children only
Hi,
I would like to give a set of users the ability to create objects in the
directory under a specific DN. It seems from reading the Admin Manual
(specifically the bottom of 8.3.1) that by setting the children attribute I
can create correctly. I do not wish that they can remove the DN after
they have added it. So I can't just give them write access to the DN or
that will give them the ability to delete. Am I missing something, or is
this just not possible with the current ACL structure?
E.g.
olcAccess: {9} to dn="ou=groups,dc=example,dc=com" attrs=children by dn.children="ou=people,dc=example,dc=com" write
So I would like to add a group,
cn=foo,ou=groups,dc=example,dc=com
but not allow someone in ou=people,dc=example,dc=com to delete the DN
after it is created.
Thanks,
derek
--
Derek T. Yarnell
University of Maryland
Institute for Advanced Computer Studies
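
An added example, not part of the original post: in OpenLDAP 2.4 and later, slapd.access(5) splits the write level into add and delete; adding an entry needs add on the parent's children pseudo-attribute and on the new entry's entry pseudo-attribute, while deleting needs delete on both. Assumptions: the database DN below is a placeholder, the poster's rule is olcAccess value {9}, and no earlier rule already matches these entries for these users.

```ldif
# Added example, not from the original post. Placeholders/assumptions:
#   - olcDatabase={1}mdb,cn=config stands in for the real database entry
#   - the rule being replaced is olcAccess value {9}, as in the post
#   - rules {0}-{8} do not already match these entries for these users
# A continuation line starts with one space (the LDIF fold marker); the
# second space is the real separator between ACL tokens.
#
# Before (from the post): "write" on children is add + delete, so it
# satisfies the parent-side requirement for deleting as well as adding:
#   to dn="ou=groups,dc=example,dc=com" attrs=children
#     by dn.children="ou=people,dc=example,dc=com" write
#
# After: grant only "add", on the parent's children and on the entry
# pseudo-attribute of entries one level below it. Delete (=z) is never
# granted, so an entry created this way cannot be removed by its creator.
# Rule {9} keeps the implicit "by * none" of the original rule; rule {10}
# ends with "by * break" so later rules still decide for everyone else.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
delete: olcAccess
olcAccess: {9}
-
add: olcAccess
olcAccess: {9}to dn.base="ou=groups,dc=example,dc=com" attrs=children
  by dn.children="ou=people,dc=example,dc=com" add
olcAccess: {10}to dn.one="ou=groups,dc=example,dc=com" attrs=entry
  by dn.children="ou=people,dc=example,dc=com" add
  by * break
-
```

slapacl(8) can be used to check the privileges a given bind DN ends up with on ou=groups and on an entry beneath it.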