On May 22, 2023, at 12:58 PM, Quanah Gibson-Mount quanah@fast-mail.org wrote:
--On Sunday, May 21, 2023 11:09 AM +0000 sysadm+ldap-technical@rolep.work wrote:
Hello, Is there any way to approve (past or future) DIT changes by more than one people? OpeLDAP has ACL sets, I know. But I don't understand, how (or even can I) to use it forr approve changes in (part of) DIT by two or more people (must not singly, but whole set of people).
You'd have to set up an external process to run changes through that requires approval, and then in some way pushes the changes into LDAP. Quite frankly having an approval process for making changes to the contents of the data in a database seems rather... odd.
A common scenario in Identity Management workflows. For example, two managers must approve any user being assigned [some powerful group/role].
Having said that, it’s beyond the scope of OpenLDAP. Falls into the space of IdM systems, for which OpenLDAP is just one of many resources.
--Quanah