Deny write access to new accounts - openldap-technical - openldap.org

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

December

Deny write access to new accounts

multiple TOTP token for one user...

olclimit dn.base <>...

beren beren

Wednesday, 30 March 2022 Wed, 30 Mar '22

6:01 a.m.

Hi. Is it possible to make admin Bob unable to edit accounts (delete, create, change passwords)created this year ? There is an idea to move them to a group or OU and give Bob the rights to write only there. Is there a more elegant solution ?

Attachments:

attachment.htm (text/html — 292 bytes)

Reply

Show replies by date

Howard Chu

Wednesday, 30 March Wed, 30 Mar

8:37 a.m.

beren beren wrote:

Hi. Is it possible to make admin Bob unable to edit accounts (delete, create, change passwords)created this year ? There is an idea to move them to a group or OU and give Bob the rights to write only there. Is there a more elegant solution ?

Sure, use a filter like (createTimestamp>=20220101000000) in the ACL. -- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/

Reply

543

days inactive

543

days old

openldap-technical@openldap.org

Manage subscription

1 comments

2 participants

tags (0)

participants (2)

beren beren
Howard Chu