provide a useful example

author Pierangelo Masarati <ando@openldap.org>

Mon, 18 Jul 2005 17:24:07 +0000 (17:24 +0000)

committer Pierangelo Masarati <ando@openldap.org>

Mon, 18 Jul 2005 17:24:07 +0000 (17:24 +0000)
author Pierangelo Masarati <ando@openldap.org>
Mon, 18 Jul 2005 17:24:07 +0000 (17:24 +0000)
committer Pierangelo Masarati <ando@openldap.org>
Mon, 18 Jul 2005 17:24:07 +0000 (17:24 +0000)
diff --git a/doc/man/man5/slapd.access.5 b/doc/man/man5/slapd.access.5

index 8eea8a1b8d8534c1bdaaca4012d8efb3f0bafaff..7413ee6e07a602817152dbe664d7b0a3a0be8ddf 100644 (file)
--- a/doc/man/man5/slapd.access.5
+++ b/doc/man/man5/slapd.access.5
@@ -806,6 +806,25 @@ or the (even more silly) example
  .LP
  which grants everybody search and compare privileges, and adds read
  privileges to authenticated clients.
+.LP
+One useful application is to easily grant write privileges to an
+.B updatedn
+that is different from the
+.BR rootdn .
+In this case, since the
+.B updatedn
+needs write access to (almost) all data, one can use
+.LP
+.nf
+       access to *
+               by dn.exact="cn=The Update DN,dc=example,dc=com" write
+               by * break
+.fi
+.LP
+as the first access rule.
+As a consequence, unless the operation is performed with the 
+.B updatedn
+identity, control is passed straight to the subsequent rules.
  .SH OPERATION REQUIREMENTS
  Operations require different privileges on different portions of entries.
  The following summary applies to primary database backends such as
author	Pierangelo Masarati <ando@openldap.org>
	Mon, 18 Jul 2005 17:24:07 +0000 (17:24 +0000)
committer	Pierangelo Masarati <ando@openldap.org>
	Mon, 18 Jul 2005 17:24:07 +0000 (17:24 +0000)