https://bugs.openldap.org/show_bug.cgi?id=9671
--- Comment #3 from Ondřej Kuzník <ondra(a)mistotebe.net> ---
On Tue, Sep 07, 2021 at 08:30:27PM +0000, openldap-its(a)openldap.org wrote:
> So what's the correct process. Using Relax Rules control.
> Seriously?
> Especially this sucks given that access control for using controls does not
> really exist. In Æ-DIR I definitely don't want to grant manage privileges to
> admins doing normal data maintenance.

Hi Michael,
then we should revisit the Behera draft and check where it makes sense
for attributes to be marked NO-USER-MODIFICATION. I've already had to
make changes to the local version where things were omitted:
https://git.openldap.org/openldap/openldap/-/commit/2b007d01dbd924cf11f88...
If we can agree and produce a newer draft, we can consider making
changes in the ppolicy overlay. To the best of my knowledge, it is not
possible to mutate schema based on configuration, so making this an admin
choice is not something we can do.
Sounds like adding manage permissions on the attribute (and maybe the
"entry" attribute) could be a targeted way of allowing this operation?
Regards,