Hello, Ticket https://fedorahosted.org/389/ticket/47553, is a 389-ds enhancement to allow a finer access control during a MODDN (new superior) operation. The use case being to allow/deny a bound user to move an entry from one specified part of the DIT to an other part. This without the need to grant the ADD permission.
I started a design of it http://port389.org/wiki/Access_control_on_trees_specified_in_MODDN_operation. Comments are welcomed. regards thierry
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel