NAVIGATION
CATEGORIES
REFERRENCE
LINKS
acls: restricting ADD operation with certain content/attributes
0 answers - 831 bytes -
(openldap-2.3.21)
I have this ACL:
access to dn.sub="ou=dhcp,dc=example,dc=com"
attrs=children,entry,@dhcpService,@dhcpServer
by group.exact="cn=DHCP Admins,ou=Group,dc=example,dc=com" write
by group.exact="cn=DHCP Readers,ou=System Accounts,dc=example,dc=com" read
by * read
I was under the impression that this would only allow the creation of
entries under ou=dhcp if they had dhcpService or dhcpServer object
classes, but this assumption seems wrong.
So, my question is: is there a way to restrict creation of entries so
that only entries of a certain type (objectClass) can be created? It
seems the entry pseudo-attribute allows the creation of any kind of
entry. The most I could restrict is the RDN of the entry by specifying
it in the <whatclause.
QUESTION ON "Networking"
- howto mainlog -= rejectlog
- ldapsearch returns nothing after upgrade from v2.0.27-11 to v2.3.20
- Automatic redirection
- Copy functionality
- (ITS#4530) Patch to support configuration directories
- PPP multilink synchronization
- ospf over unnumbered DSL interfaces.
- LDAP in squirrelmail
- silently neglected requests fixed by restarting dhcpd
- connection problem
- Automatic redirection
- enabling syslog service in freeradius-1.1.1
- ippool
- dcef disabled on VIP 2-40 Slot !
- ctl_deliver or cyr_expire?
- readproctitle service errors: ...nied?setuidgid: fatal: unable to
- exim sometimes requeues messages after local_scan()
- This Version of Cisco IOS Software is not supportedonNPE300
- Latest sa-stats from last week
- Latest sa-stats from last week