For completeness' sake...
ACL checking for Added entries is available in RE24/HEAD. See the add_content_acl / olcAddContentAcl setting in slapd.conf/slapd.d. The default for most DBs is off, for backward compatibility. It is ON by default for cn=config.
-------- Original Message --------
Subject: ITS#4556 ACLs for new entries
Date: Fri, 21 Sep 2007 09:00:37 -0700
From: Howard Chu <hyc@symas.com>
To: OpenLDAP Devel <openldap-devel@openldap.org>
Revisiting this topic - DITStructureRules are not a solution to this problem. E.g. in cn=config, now that you can grant write access to arbitrary users, it becomes pretty critical to be able to prevent certain users from creating certain types of objects. E.g., I may want to allow someone to be able to create one type of child object under cn=config (e.g., databases) but not some other type (e.g., modules). So at the very least we need to be able to use ACL filters on new entries.
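As an added illustration of the setting and the ACL-filter requirement described above (this is example configuration, not part of the original message or of the OpenLDAP sources): a slapd.conf fragment for the config database that lets one administrator add database entries under cn=config while refusing to let that same identity add module entries or any other kind of child. The administrator DN cn=dbadmin,dc=example,dc=com is an assumption chosen for the example. The filter clause only does its job because the config database evaluates ACL filters against the content of the entry being added; for an ordinary database that behaviour has to be switched on with add_content_acl, as noted in the comment.

```conf
# Example configuration, not from the original message. Assumes an
# administrator entry cn=dbadmin,dc=example,dc=com exists.

database config

# For cn=config this is already the default (on). An ordinary database
# needs the same directive, otherwise the filter="(...)" clauses below
# cannot be evaluated against the content of an entry that is being added:
# add_content_acl on

# An Add needs write access to the "entry" pseudo-attribute of the new
# entry. Grant it to the database admin only when the new child of
# cn=config is a database definition.
access to dn.onelevel="cn=config" filter="(objectClass=olcDatabaseConfig)" attrs=entry
    by dn.exact="cn=dbadmin,dc=example,dc=com" write
    by * none

# Any other kind of direct child of cn=config (module lists, schema,
# overlays hung directly off cn=config, ...) may not be created or
# deleted by anyone other than the rootdn, which bypasses ACLs.
access to dn.onelevel="cn=config" attrs=entry
    by * none

# An Add also needs write access to the "children" pseudo-attribute of
# the parent, so grant that on cn=config itself.
access to dn.exact="cn=config" attrs=children
    by dn.exact="cn=dbadmin,dc=example,dc=com" write
    by * none

# Read access to everything else in the config tree for the same admin.
access to dn.subtree="cn=config"
    by dn.exact="cn=dbadmin,dc=example,dc=com" read
    by * none
```

Rules are matched in order on the "to" clause, so the rule with the objectClass filter must come before the catch-all for cn=config children. In slapd.d form the equivalent lines live in olcDatabase={0}config as olcAccess values, and the switch is olcAddContentAcl: TRUE on the database entry. After changing ACLs, verify with slapacl(8), e.g. by checking that the admin has write on the entry pseudo-attribute of a hypothetical olcDatabase child but not of an olcModuleList child.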