Hello,
I’m trying to lock down what my (Atlassian) Crowd server can do to my
directory, and one of the things I DON’T want my crowd server to do is delete
any users with objectClass=posixAccount.
However, the following…
protectedItems
{
entry,
attributeValue {objectclass=posixAccount }
}
,
grantsAndDenials { denyRemove }
…prevents the deletion of any entries.
Is protecting an entry with a specific objectClass attribute value even
possible? If so, how do I configure the prescriptiveACI properly?
Best regards,
Mike Przybylski
