> On May 22, 2023, at 12:58 PM, Quanah Gibson-Mount <qua...@fast-mail.org> 
> wrote:
> 
> --On Sunday, May 21, 2023 11:09 AM +0000 sysadm+ldap-techni...@rolep.work 
> wrote:
> 
>> Hello,
>> Is there any way to have (past or future) DIT changes approved by more
>> than one person? OpenLDAP has ACL sets, I know. But I don't understand how
>> (or even whether I can) use them to approve changes in (part of) the DIT
>> by two or more people (not by one person alone, but by the whole set of people).
> 
> You'd have to set up an external process to run changes through that requires 
> approval, and then in some way pushes the changes into LDAP. Quite frankly 
> having an approval process for making changes to the contents of the data in 
> a database seems rather... odd.
> 

A common scenario in Identity Management workflows. For example, two managers 
must approve any user being assigned [some powerful group/role].

Having said that, it’s beyond the scope of OpenLDAP. Falls into the space of 
IdM systems, for which OpenLDAP is just one of many resources.


> --Quanah
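
The external approval step both replies describe, sketched as an added example (it is not from either message and not part of OpenLDAP): a change is held until two distinct authorized approvers, neither of them the requester, have approved the exact LDIF text. The class and function names, approver names, quorum of two and sample LDIF are all assumptions made for illustration.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed sample data: approver names and the LDIF are illustrative only.
APPROVERS = {"alice", "bob", "carol"}
SAMPLE_LDIF = """dn: cn=admins,ou=groups,dc=example,dc=com
changetype: modify
add: member
member: uid=dave,ou=people,dc=example,dc=com
"""

class ApprovalError(Exception):
    """Raised when an approval or a release violates the policy."""

@dataclass
class PendingChange:  # hypothetical name, not an OpenLDAP or IdM API
    requester: str
    ldif: str
    quorum: int = 2
    approvals: dict = field(default_factory=dict)  # approver -> digest approved

    def digest(self) -> str:
        # Approvals are bound to the exact bytes of the proposed change.
        return hashlib.sha256(self.ldif.encode("utf-8")).hexdigest()

    def approve(self, approver: str, seen_digest: str) -> None:
        if approver not in APPROVERS:
            raise ApprovalError(f"{approver} is not an authorized approver")
        if approver == self.requester:
            raise ApprovalError("requester cannot approve their own change")
        if seen_digest != self.digest():
            raise ApprovalError("approval does not match the current change")
        self.approvals[approver] = seen_digest  # repeat approvals count once

    def valid_approvers(self) -> set:
        # Approvals given for an earlier version of the LDIF no longer count.
        current = self.digest()
        return {a for a, d in self.approvals.items() if d == current}

    def release(self) -> str:
        # Returns the LDIF for the push step only once the quorum is met.
        if len(self.valid_approvers()) < self.quorum:
            raise ApprovalError("quorum not reached")
        return self.ldif

def demo() -> str:
    change = PendingChange(requester="carol", ldif=SAMPLE_LDIF)
    for approver in ("alice", "alice", "bob"):
        change.approve(approver, change.digest())
    return change.release()
```

In this sketch the text returned by `release()` is what the push step would hand to `ldapmodify`; the assumption is that the identity running that step is the only one allowed to write to the protected part of the DIT.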
