https://bugs.openldap.org/show_bug.cgi?id=9640
Issue ID: 9640
Summary: ACL privilege for MOD_INCREMENT
Product: OpenLDAP
Version: unspecified
Hardware: All
OS: All
Status: UNCONFIRMED
Severity: normal
Priority: ---
Component: slapd
Assignee: bugs@openldap.org
Reporter: michael@stroeder.com
Target Milestone: ---
I'm using LDAP write operations with MOD_INCREMENT with pre-read-control for uidNumber/gidNumber generation.
I'd like to limit write access to an Integer attribute "nextID" to MOD_INCREMENT, ideally even restricting the de-/increment value.
(Uniqueness is achieved with slapo-unique anyway but still I'd like to avoid users messing with this attribute).
IMHO the ideal solution would be a new privilege "i".
Example for limiting write access to increment by one and granting read access for using read control:
access to attrs=nextID val=1 by group=... =ri
Example for decrementing by two without read:
access to attrs=nextID val=-2 by group=... =i
Quanah Gibson-Mount quanah@openldap.org changed:
What            |Removed |Added
----------------------------------------------------------------------------
Target Milestone|---     |2.7.0
Howard Chu hyc@openldap.org changed:
What    |Removed |Added
----------------------------------------------------------------------------
Severity|normal  |enhancement
--- Comment #1 from Quanah Gibson-Mount quanah@openldap.org ---
Can add increment access level, the value increment portion can be handled by slapo-constraint