[Issue 9671] pwdPolicySubentry: no user modification allowed

https://bugs.openldap.org/show_bug.cgi?id=9671 --- Comment #3 from Ondřej Kuzník <ondra(a)mistotebe.net&gt; --- On Tue, Sep 07, 2021 at 08:30:27PM +0000, openldap-its(a)openldap.org wrote: Hi Michael, then we should revisit the Behera draft and check where it makes sense for attribute to be marked NO-USER-MODIFICATION. I've already had to make changes to the local version where things were omitted: https://git.openldap.org/openldap/openldap/-/commit/2b007d01dbd924cf11f88... If we can agree and produce a newer draft, we can consider making changes in the ppolicy overlay. To the best of my knowledge, it is not possible to mutate schema based on configuration so making this an admin choice is not something we can do. Sounds like adding manage permissions on the attribute (and maybe the "entry" attribute) could be a targeted way of allowing this operation? Regards, -- You are receiving this mail because: You are on the CC list for the issue.