directory-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Przybylski <mi...@gimmethebrain.net>
Subject [ApacheDS] Protecting entries with specific objectClass attribute values
Date Mon, 06 Jan 2014 22:22:49 GMT
Hello,

I’m trying to lock down what my (Atlassian) Crowd server can do to my directory, and one
of the things I DON’T want my crowd server to do is delete any users with objectClass=posixAccount.

However, the following…

                protectedItems 
                {
                    entry,
                    attributeValue {objectclass=posixAccount } 
                }
                ,
                grantsAndDenials { denyRemove } 

…prevents the deletion of any entries.

Is protecting an entry with a specific objectClass attribute value even possible?  If so,
how do I configure the prescriptiveACI properly?

Best regards,
Mike Przybylski
Mime
View raw message