--On Friday, January 31, 2014 5:11 PM +0000 [email protected] wrote: > [email protected] wrote: >> What does administrative access mean? > > I can't describe the full meaning, only a specific use case: > > In some deployments I grant certain admins the right to remove > 'pwdHistory' attribute from an entry. Since this is an operational > attribute one has to grant also manage privilege for letting the client > remove the attribute in case it sends the Relax Rules control along with > the modify request. > > (yes, web2ldap implements this particular use case ;-) > > Example: > > access to > attrs=pwdHistory > by group="cn=all-mighty admins,dc=example,dc=com" =zm > by * none > > AFAIK this also applies to altering other operational attributes by using > Relax Rules control. > > Maybe you can take this as a start for a more general text.
Great example, thanks! --Quanah -- Quanah Gibson-Mount Architect - Server Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration
