mirror/openldap
2
0
Fork 0
mirror of https://git.openldap.org/openldap/openldap.git synced 2025-03-07 14:18:15 +08:00
Code Issues Packages Projects Releases Wiki Activity

Clarify new "entry" ACLs

Browse Source
This commit is contained in:
Kurt Zeilenga 2002-10-10 04:27:23 +00:00
parent 1ca552dff7
commit dd3279eab0
1 changed files with 7 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
doc/guide/admin/slapdconfig.sdf
View File

@ -650,11 +650,13 @@ There are two special {{psuedo}} attributes {{EX:entry}} and
{{EX:children}}. To read (and hence return) an target entry, the
subject must have {{EX:read}} access to the target's {{entry}}
attribute. To add or delete an entry, the subject must have
{{EX:write}} access to the entry's parent's {{EX:children}} attribute.
To rename an entry, the subject must have {{EX:write}} access to
both the old parent's and new parent's {{EX:children}} attributes.
The complete examples at the end of this section should help clear
things up.
{{EX:write}} access to the entry's {{EX:entry}} attribute AND must
have {{EX:write}} access to the entry's parent's {{EX:children}}
attribute. To rename an entry, the subject must have {{EX:write}}
access to entry's {{EX:entry}} attribute AND have {{EX:write}}
access to both the old parent's and new parent's {{EX:children}}
attributes. The complete examples at the end of this section should
help clear things up.
Lastly, there is a special entry selector {{EX:"*"}} that is used to
select any entry. It is used when no other {{EX:<what>}}