beren beren wrote:
Is it possible to make admin Bob unable to edit accounts (delete, create, change
passwords)created this year ? There is an idea to move them to a group or OU
and give Bob the rights to write only there. Is there a more elegant solution ?
Sure, use a filter like (createTimestamp>=20220101000000) in the ACL.
-- Howard Chu
CTO, Symas Corp. http://www.symas.com
Director, Highland Sun http://highlandsun.com/hyc/
Chief Architect, OpenLDAP http://www.openldap.org/project/