ITS#4556 ACLs for new entries

Friday, 21 September 2007


Revisiting this topic - DITStructureRules are not a solution to this problem. 
E.g. in cn=config, now that you can grant write access to arbitrary users, it 
becomes pretty critical to be able to prevent certain users from creating 
certain types of objects. E.g., I may want to allow someone to be able to 
create one type of child object under cn=config (e.g., databases) but not some 
other type (e.g., modules). So at the very least we need to be able to use ACL 
filters on new entries.
-- 
   -- Howard Chu
   Chief Architect, Symas Corp.  http://www.symas.com
   Director, Highland Sun        http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP     http://www.openldap.org/project/

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

ITS#4556 ACLs for new entries