directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Przybylski <>
Subject [ApacheDS] Protecting entries with specific objectClass attribute values
Date Mon, 06 Jan 2014 22:22:49 GMT

I’m trying to lock down what my (Atlassian) Crowd server can do to my directory, and one
of the things I DON’T want my crowd server to do is delete any users with objectClass=posixAccount.

However, the following…

                    attributeValue {objectclass=posixAccount } 
                grantsAndDenials { denyRemove } 

…prevents the deletion of any entries.

Is protecting an entry with a specific objectClass attribute value even possible?  If so,
how do I configure the prescriptiveACI properly?

Best regards,
Mike Przybylski
View raw message