Considering to use LDAP write operations with MOD_INCREMENT with
pre-read-control for uidNumber/gidNumber generation I'd like to reduce
write access to an Integer attribute "nextID" to MOD_INCREMENT.
(Uniqueness is achieved with slapo-unique anyway but still I'd like to
avoid users messing with this attribute).
I suspect the ideal solution results in a feature request for a new
privilege "i". ;-)
by group=... =ri
Or at least avoid that someone sets the value to a lower value.
Maybe this can be achieved with slapo-constraint.
Any more ideas?