[Date Prev][Date Next] [Chronological] [Thread] [Top]

Re: access to ... by Administrator

To: openldap-technical@openldap.org
Subject: Re: access to ... by Administrator
From: stefano <stefano.malini@gmail.com>
Date: Fri, 23 Mar 2012 16:53:29 +0100
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=message-id:date:from:user-agent:mime-version:to:subject:references :in-reply-to:content-type; bh=v8MSH7J/rolfiTEWej5cIhUXsJYE2wRmO4g/OrYTIRM=; b=fJ2VPnPxFpK7tvcIEamQ7jHT5zZFaPpQPzus50PG2x04jooYg+iZi2NZdf5UFvrB8f PhvPTmPAwcgnd4hKcIIbbUWMz5CKiHqO6RkSQFj8xZp1UYKSFvgeIfp4HOXfGL0+RNlP O7nhMfZocHVCpRP/PhGoEK8aOVST9/pqk+5cwtEn6UeKnS9qf331pISs2puN43VnD7Rj RGAKVd9KThX/P8zGsVaPUBhV1Nz1BdRXzZo80BfrvAoIIUPdAoF2xj+Fyvomd4lSzarn dBwjZd4q1MHcC/q17QuOw47LAO/XlJXnifBPWv8hDvJWykQqsjlw9k/x7oher7t8Pvil 82uQ==
In-reply-to: <4F6C5276.1090507@eurobjects.com>
References: <4F6C4618.6040008@gmail.com> <4F6C5276.1090507@eurobjects.com>
User-agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.24) Gecko/20111108 Thunderbird/3.1.16

On 03/23/2012 11:37 AM, Nick Milas wrote:

On 23/3/2012 11:44 ÏÎ, stefano wrote:

Do i have to specify it or the administrator has the access right to every attribute?

Quote from: http://www.openldap.org/doc/admin24/access-control.html :

"Regardless of what access control policy is defined, the rootdn is always allowed full rights (i.e. auth, search, compare, read and write) on everything and anything.

As a consequence, it's useless (and results in a performance penalty) to explicitly list the rootdn among the <by> clauses."

Nick

thanks!

References:
- access to ... by Administrator
  - From: stefano <stefano.malini@gmail.com>
- Re: access to ... by Administrator
  - From: Nick Milas <nick@eurobjects.com>

Prev by Date: Re: syncrepl and structuralObjectClass operational attribute
Next by Date: which is the structural object class for posixAccount/shadowAccount?
Index(es):
- Chronological
- Thread