On Dec 8, 2022, at 6:46 PM, Alex Samad - Yieldbroker
From the online doco re
> Level Privileges Description
> none = 0 no access
> disclose = d needed for information disclosure on error
> auth = dx needed to authenticate (bind)
> compare = cdx needed to compare
> search = scdx needed to apply search filters
> read = rscdx needed to read search results
> write = wrscdx needed to modify/rename
> manage = mwrscdx needed to manage
I couldn't find out what the difference between manage and write is what does the M
olcAccess: to dn.subtree="ou=Users,"
by dn.exact="cn=directory,ou=Roles," manage by * break
so for the subtree ou=User
I want to allow cn=directory to add / modify / delete any children of ou=Users. Reading
the doco its seems like I only need to give it write access, what can I do extra with
THE <ACCESS> FIELD
thus manage grants all access including administrative access. This access allows some
modifications which would otherwise be prohibited by the LDAP data model or the directory
schema, e.g. changing the structural objectclass of an entry, or modifying an operational
attribute that is defined as not user modifiable.
The write access is actually the combination of add and delete, which respectively
restrict the write privilege to add or delete the specified <what>.
Write access should suffice. You probably won’t need to grant service accounts manage
access. You can always add it later if need be.
Also for userPassword attr to write to it do I need to have the read or can I just have
``` man (cont)
The level access model relies on an incremental interpretation of the access privileges.
The possible levels are none, disclose, auth, compare, search, read, write, and manage.
Each access level implies all the preceding ones