Re: (ITS#7795) "manage" access right needs better description

31 Jan 2014


      quanah@OpenLDAP.org wrote:
...
What does administrative access mean?
I can't describe the full meaning, only a specific use case:
In some deployments I grant certain admins the right to remove 'pwdHistory'
attribute from an entry. Since this is an operational attribute one has to
grant also manage privilege for letting the client remove the attribute in
case it sends the Relax Rules control along with the modify request.
(yes, web2ldap implements this particular use case ;-)
Example:
access to
  attrs=pwdHistory
    by group="cn=all-mighty admins,dc=example,dc=com" =zm
    by * none
AFAIK this also applies to altering other operational attributes by using
Relax Rules control.
Maybe you can take this as a start for a more general text.
Ciao, Michael.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

Re: (ITS#7795) "manage" access right needs better description