Hello,
According to SLAPD.ACCESS(5) the access needed to the 'entry' pseudo-attribute always correspond to the access needed on the 'children' pseudo-attribute of the entry's parent. The only exception is the search operation.
So what is the purpose of children? Are there examples of ACLs where the two pseudo-attributes are treated differently.
Regards, Thierry
Thierry Lacoste wrote:
Hello,
According to SLAPD.ACCESS(5) the access needed to the 'entry' pseudo-attribute always correspond to the access needed on the 'children' pseudo-attribute of the entry's parent. The only exception is the search operation.
So what is the purpose of children? Are there examples of ACLs where the two pseudo-attributes are treated differently.
Your question makes no sense. Perhaps you can rephrase it.
Note that modrdn requires quite different privileges on each of the pseudo-attributes involved.
On 11 mai 09, at 04:54, Howard Chu wrote:
Thierry Lacoste wrote:
Hello,
According to SLAPD.ACCESS(5) the access needed to the 'entry' pseudo-attribute always correspond to the access needed on the 'children' pseudo-attribute of the entry's parent. The only exception is the search operation.
So what is the purpose of children? Are there examples of ACLs where the two pseudo-attributes are treated differently.
Your question makes no sense. Perhaps you can rephrase it.
Note that modrdn requires quite different privileges on each of the pseudo-attributes involved.
You're absolutely right.` Stupid me. I was reading the man of the 2.3 series. Sorry for the noise.
Regards, Thierry
openldap-software@openldap.org