From: Pierangelo Masarati Date: Sat, 20 May 2006 11:12:05 +0000 (+0000) Subject: clarify the required access to add the suffix of a database (consequence of ITS#4552) X-Git-Tag: OPENLDAP_REL_ENG_2_4_3ALPHA~9^2~232 X-Git-Url: https://git.sur5r.net/?a=commitdiff_plain;h=e5fc7845fcba0f49ca1fde164f535d25bfd8ad16;p=openldap clarify the required access to add the suffix of a database (consequence of ITS#4552) --- diff --git a/doc/man/man5/slapd.access.5 b/doc/man/man5/slapd.access.5 index fd3fa6dd86..091cd9a8f1 100644 --- a/doc/man/man5/slapd.access.5 +++ b/doc/man/man5/slapd.access.5 @@ -860,11 +860,13 @@ as the first access rule. As a consequence, unless the operation is performed with the .B updatedn identity, control is passed straight to the subsequent rules. + .SH OPERATION REQUIREMENTS Operations require different privileges on different portions of entries. The following summary applies to primary database backends such as the BDB and HDB backends. Requirements for other backends may (and often do) differ. + .LP The .B add @@ -877,6 +879,10 @@ of the entry being added, and privileges on the pseudo-attribute .B children of the entry's parent. +When adding the suffix entry of a database, write access to +.B children +of the empty DN ("") is required. + .LP The .B bind @@ -884,12 +890,14 @@ operation, when credentials are stored in the directory, requires .B auth (=x) privileges on the attribute the credentials are stored in (usually .BR userPassword ). + .LP The .B compare operation requires .B compare (=c) privileges on the attribute that is being compared. + .LP The .B delete @@ -902,12 +910,14 @@ of the entry being deleted, and privileges on the .B children pseudo-attribute of the entry's parent. + .LP The .B modify operation requires .B write (=w) privileges on the attributes being modified. + .LP The .B modrdn 
@@ -927,6 +937,7 @@ privileges are also required on the attributes that are present in the old relative DN if .B deleteoldrdn is set to 1. + .LP The .B search @@ -959,6 +970,7 @@ access to the attribute holding the referral information (generally the .B ref attribute). + .LP Some internal operations and some .B controls
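Review bot: In the hunk at -877,6 +879,10, the new sentence says only "write access to .B children of the empty DN", while every other requirement in this section names the level in the form ".B write (=w) privileges". Suggest the same form here so the reader can map it straight onto an access clause. The sentence also leaves open which database's rules are consulted for the empty DN (the database being populated or another one), and an administrator writing the ACL needs to know that; one more clause would settle it. It would also help to note that this access is only needed by the identity that creates the suffix entry, so the rule can be scoped to that identity rather than granted broadly.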
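Review bot: The empty lines added before ".SH OPERATION REQUIREMENTS" and before each ".LP" (hunk -860,11 +860,13 and the later one-line hunks) are raw blank lines in roff source, which the formatter treats as a vertical-space request on top of the spacing the macro already emits, and which linters such as mandoc -T lint warn about. If the goal is readability of the source, a line holding only "." separates the paragraphs without affecting the output. These whitespace-only changes are also unrelated to the subject line (the required access for adding a suffix entry); splitting them into their own commit would leave the ITS#4552 clarification as a four-line diff that is easy to review and backport.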