From 9376e1bcaf90a83599c4102222b919dfd6526a91 Mon Sep 17 00:00:00 2001
From: matthew_swift <matthew_swift@localhost>
Date: Fri, 17 Sep 2010 22:21:02 +0000
Subject: [PATCH] More fixes to the sub-entry security model: add new subentry-write privilege; rename inheritFromBaseDN to inheritFromBaseRDN and restrict it to the root entry of the subentry scope; restrict DNs derived from inheritFromDNAttribute to the root entry of the subentry scope; remove band-aid subentry write access global ACI.

---
 opends/src/admin/defn/org/opends/server/admin/std/GlobalConfiguration.xml |    6 ++++++
 1 files changed, 6 insertions(+), 0 deletions(-)

diff --git a/opends/src/admin/defn/org/opends/server/admin/std/GlobalConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/GlobalConfiguration.xml
index 20d24d7..c5d7c3c 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/GlobalConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/GlobalConfiguration.xml
@@ -670,6 +670,12 @@
             that cannot be optimized using server indexes.
           </adm:synopsis>
         </adm:value>
+        <adm:value name="subentry-write">
+          <adm:synopsis>
+            Allows the associated user to perform LDAP subentry write
+            operations.
+          </adm:synopsis>
+        </adm:value>
       </adm:enumeration>
     </adm:syntax>
     <adm:profile name="ldap">

--
Gitblit v1.10.0