HI!
Considering to use LDAP write operations with MOD_INCREMENT with pre-read-control for uidNumber/gidNumber generation I'd like to reduce write access to an Integer attribute "nextID" to MOD_INCREMENT. (Uniqueness is achieved with slapo-unique anyway but still I'd like to avoid users messing with this attribute).
I suspect the ideal solution results in a feature request for a new privilege "i". ;-)
access to attrs=nextID by group=... =ri
Or at least avoid that someone sets the value to a lower value. Maybe this can be achieved with slapo-constraint.
Any more ideas?
Ciao, Michael.
openldap-technical@openldap.org