manage vs write
- To: openldap-technical@openldap.org
- Subject: manage vs write
- From: Christopher Wood <christopher_wood@pobox.com>
- Date: Wed, 7 Sep 2011 15:41:35 -0400
What access privileges over a particular suffix are granted to somebody with the "manage" level that somebody with the "write" level does not get?
As background, using 2.4.26:
This document specifies that somebody with the level "manage" gets everything else:
http://www.openldap.org/doc/admin24/access-control.html#The%20access%20to%20grant
On the other hand, slapd.access(5) specifies that "manage grants all access including administrative access. The write access is actually the combination of add and delete, which respectively restrict the write privilege to add or delete the specified <what>."
(I am very puzzled. It strikes me that once I can write (add/delete) any entry in a subtree I effectively manage it.)