>>> Raul Hernandez <[email protected]> schrieb am 16.09.2014 um 23:36 in
Nachricht
<CAL3GdwNJfDBDvwHmxFntggndsRC=wz+shm0lvebbyqem3zg...@mail.gmail.com>:
[...]
> the my HDB access configuration, and realize that my chaining
> (cn=syncrepluser,ou=security,dc=example,dc=com) user had "write"
> permissions on userPassword, pwdFailuretime, pwdChangedTime, pwdHistory,
> pwdAccountLockedTime attributes and that wasn't enough. I changed the
> "write" permission to "manage" and everything started working.
[...]
I read the slapd.access manual page, aand could not get it:
--
The level access model relies on an incremental interpretation of the
access privileges. The possible levels are none, disclose, auth, com-
pare, search, read, write, and manage. Each access level implies all
the preceding ones, thus manage grants all access including administra-
tive access. The write access is actually the combination of add and
delete, which respectively restrict the write privilege to add or
delete the specified <what>.
--
"administrative access" is nowhere explained. So what does "manage" allow that
"write" does not?
Regards,
Ulrich
