Howard Chu wrote:
Kurt Zeilenga wrote:
On Sep 27, 2008, at 8:59 AM, Emmanuel Dreyfus wrote:
Hello
Right now, slapd ignore attribute ACL when performing an add
operation.
I note that this is the expected behavior, been so for many, many years.
Yes, but it never really made much sense - it means you can be forbidden
from modifying an existing record to contain certain privileged data,
but not forbidden from creating records with privileged data. It makes
sense to me that your ability to create particular data values should
not depend on whether you're creating it for the very first time, or
some subsequent time.
(Coming at it from the opposite direction, Delete of course requires you
to permit the Delete even if certain attributes are read-only; since
every entry contains read-only operational attributes, deletes would be
impossible without this provision.)
Well, the user doesn't add operational attrs either, so it is perfectly
symmetric that read-only attributes are automatically destroyed by users
with "delete" permission on "entry".
In any case, I note that fixing this issue broke test006 (at least).
p.
Ing. Pierangelo Masarati
OpenLDAP Core Team
SysNet s.r.l.
via Dossi, 8 - 27100 Pavia - ITALIA
http://www.sys-net.it
-----------------------------------
Office: +39 02 23998309
Mobile: +39 333 4963172
Fax: +39 0382 476497
Email: [EMAIL PROTECTED]
-----------------------------------
