mirror of
https://git.openldap.org/openldap/openldap.git
synced 2024-12-21 03:10:25 +08:00
clarify the required access to add the suffix of a database (consequence of ITS#4552)
This commit is contained in:
parent
fa2425005a
commit
e5fc7845fc
@ -860,11 +860,13 @@ as the first access rule.
|
||||
As a consequence, unless the operation is performed with the
|
||||
.B updatedn
|
||||
identity, control is passed straight to the subsequent rules.
|
||||
|
||||
.SH OPERATION REQUIREMENTS
|
||||
Operations require different privileges on different portions of entries.
|
||||
The following summary applies to primary database backends such as
|
||||
the BDB and HDB backends. Requirements for other backends may
|
||||
(and often do) differ.
|
||||
|
||||
.LP
|
||||
The
|
||||
.B add
|
||||
@ -877,6 +879,10 @@ of the entry being added, and
|
||||
privileges on the pseudo-attribute
|
||||
.B children
|
||||
of the entry's parent.
|
||||
When adding the suffix entry of a database, write access to
|
||||
.B children
|
||||
of the empty DN ("") is required.
|
||||
|
||||
.LP
|
||||
The
|
||||
.B bind
|
||||
@ -884,12 +890,14 @@ operation, when credentials are stored in the directory, requires
|
||||
.B auth (=x)
|
||||
privileges on the attribute the credentials are stored in (usually
|
||||
.BR userPassword ).
|
||||
|
||||
.LP
|
||||
The
|
||||
.B compare
|
||||
operation requires
|
||||
.B compare (=c)
|
||||
privileges on the attribute that is being compared.
|
||||
|
||||
.LP
|
||||
The
|
||||
.B delete
|
||||
@ -902,12 +910,14 @@ of the entry being deleted, and
|
||||
privileges on the
|
||||
.B children
|
||||
pseudo-attribute of the entry's parent.
|
||||
|
||||
.LP
|
||||
The
|
||||
.B modify
|
||||
operation requires
|
||||
.B write (=w)
|
||||
privileges on the attributes being modified.
|
||||
|
||||
.LP
|
||||
The
|
||||
.B modrdn
|
||||
@ -927,6 +937,7 @@ privileges are also required on the attributes that are present
|
||||
in the old relative DN if
|
||||
.B deleteoldrdn
|
||||
is set to 1.
|
||||
|
||||
.LP
|
||||
The
|
||||
.B search
|
||||
@ -959,6 +970,7 @@ access to the attribute holding the referral information
|
||||
(generally the
|
||||
.B ref
|
||||
attribute).
|
||||
|
||||
.LP
|
||||
Some internal operations and some
|
||||
.B controls
|
||||
|
Loading…
Reference in New Issue
Block a user