Considering to use LDAP write operations with MOD_INCREMENT with pre-read-control for uidNumber/gidNumber generation I'd like to reduce write access to an Integer attribute "nextID" to MOD_INCREMENT. (Uniqueness is achieved with slapo-unique anyway but still I'd like to avoid users messing with this attribute).

I suspect the ideal solution results in a feature request for a new privilege "i". ;-)

access to
    by group=... =ri

Or at least avoid that someone sets the value to a lower value.
Maybe this can be achieved with slapo-constraint.

Any more ideas?

Ciao, Michael.

Reply via email to