[Issue 9640] New: ACL privilege for MOD_INCREMENT

18 Aug 2021


      https://bugs.openldap.org/show_bug.cgi?id=9640
Issue ID: 9640
           Summary: ACL privilege for MOD_INCREMENT
           Product: OpenLDAP
           Version: unspecified
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: normal
          Priority: ---
         Component: slapd
          Assignee: bugs@openldap.org
          Reporter: michael@stroeder.com
  Target Milestone: ---
I'm using LDAP write operations with MOD_INCREMENT with pre-read-control for
uidNumber/gidNumber generation.
I'd like to limit write access to an Integer attribute "nextID" to
MOD_INCREMENT, ideally even restricting the de-/increment value.
(Uniqueness is achieved with slapo-unique anyway but still I'd like to avoid
users messing with this attribute).
IMHO the ideal solution would be a new privilege "i".
Example for limiting write access to increment by one and grant read access for
using read control:
access to
  attrs=nextID
  val=1
    by group=... =ri
Example for decrementing by two without read:
access to
  attrs=nextID
  val=-2
    by group=... =i
-- 
You are receiving this mail because:
You are on the CC list for the issue.

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

[Issue 9640] New: ACL privilege for MOD_INCREMENT