On 12/04/2010 19:14, Matt Ingram wrote:
Hi All.
We're trying to implement ACLs that will allow our Admins to modify the LDAP directory without using a generic admin account, and using their own credentials within LDAP. Our requirement is that the Admins can modify the mail, uid and userPassword attributes. Which I have working. Part of this also requires that the Admin has the ability to add those attributes. That does not work.
We have our system automated so that HR creates a user and the basics are automatically populated into LDAP, however the mail, uid and userPassword attributes are not created at that time.
They just don't have any value, because they are optional attributes in the schema.
What kind of an ACL do I need to allow the Admins to create the mail, uid and userPassword attributes?
You can't create them, you just need write perms to set them to some initial value.
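
Added example (not part of the original thread): assuming an OpenLDAP server configured through cn=config, the write permission the reply refers to, and the modify operation that gives the attributes their first values, could look like this. The database DN, group DN, user DN and all values are constructed placeholders.

```ldif
# Record 1: apply while bound as the config administrator.
# Assumption: OpenLDAP with cn=config; the database DN below is a placeholder.
# userPassword gets its own rule so that nobody outside the admin group
# can read it; "anonymous auth" is what lets users bind with it.
# In LDIF a continued line starts with one space, so two leading spaces
# keep a separating space inside the ACL text.
dn: olcDatabase={1}mdb,cn=config
changetype: modify
add: olcAccess
olcAccess: {0}to attrs=userPassword
  by group.exact="cn=ldapadmins,ou=groups,dc=example,dc=com" write
  by anonymous auth
  by * none
olcAccess: {1}to attrs=mail,uid
  by group.exact="cn=ldapadmins,ou=groups,dc=example,dc=com" write
  by * read

# Record 2: apply separately, bound as one of the admins' own accounts.
# The entry already exists (created by the HR automation), so giving it
# mail, uid and userPassword is a modify with "add:", not an entry add.
# Only write access to those three attributes is exercised here.
dn: cn=Jane Doe,ou=people,dc=example,dc=com
changetype: modify
add: mail
mail: jane.doe@example.com
-
add: uid
uid: jdoe
-
add: userPassword
userPassword: {SSHA}REPLACE_WITH_OUTPUT_OF_SLAPPASSWD
```

The two records are sent in separate ldapmodify runs because they use different bind identities. Rule order matters: these rules must sit before any broader `to *` rule that would otherwise match first.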