beren beren wrote: > Hi. > Is it possible to make admin Bob unable to edit accounts (delete, create, > change passwords)created this year ? There is an idea to move them to a group > or OU > and give Bob the rights to write only there. Is there a more elegant solution > ? > Sure, use a filter like (createTimestamp>=20220101000000) in the ACL.
-- -- Howard Chu CTO, Symas Corp. http://www.symas.com Director, Highland Sun http://highlandsun.com/hyc/ Chief Architect, OpenLDAP http://www.openldap.org/project/
