--On Friday, January 31, 2014 5:11 PM +0000 michael(a)stroeder.com wrote:
> What does administrative access mean?
I can't describe the full meaning, only a specific use case:
In some deployments I grant certain admins the right to remove
'pwdHistory' attribute from an entry. Since this is an operational
attribute one has to grant also manage privilege for letting the client
remove the attribute in case it sends the Relax Rules control along with
the modify request.
(yes, web2ldap implements this particular use case ;-)
by group="cn=all-mighty admins,dc=example,dc=com" =zm
by * none
AFAIK this also applies to altering other operational attributes by using
Relax Rules control.
Maybe you can take this as a start for a more general text.
Great example, thanks!
Architect - Server
Zimbra :: the leader in open source messaging and collaboration