From 9376e1bcaf90a83599c4102222b919dfd6526a91 Mon Sep 17 00:00:00 2001
From: matthew_swift <matthew_swift@localhost>
Date: Fri, 17 Sep 2010 22:21:02 +0000
Subject: [PATCH] More fixes to the sub-entry security model: add new subentry-write privilege; rename inheritFromBaseDN to inheritFromBaseRDN and restrict it to the root entry of the subentry scope; restrict DNs derived from inheritFromDNAttribute to the root entry of the subentry scope; remove band-aid subentry write access global ACI.
---
opends/src/admin/defn/org/opends/server/admin/std/RootDNConfiguration.xml | 7 +++++++
1 files changed, 7 insertions(+), 0 deletions(-)
diff --git a/opends/src/admin/defn/org/opends/server/admin/std/RootDNConfiguration.xml b/opends/src/admin/defn/org/opends/server/admin/std/RootDNConfiguration.xml
index e493841..42ea75c 100644
--- a/opends/src/admin/defn/org/opends/server/admin/std/RootDNConfiguration.xml
+++ b/opends/src/admin/defn/org/opends/server/admin/std/RootDNConfiguration.xml
@@ -76,6 +76,7 @@
<adm:value>update-schema</adm:value>
<adm:value>privilege-change</adm:value>
<adm:value>unindexed-search</adm:value>
+ <adm:value>subentry-write</adm:value>
</adm:defined>
</adm:default-behavior>
<adm:syntax>
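Review bot: Adding `subentry-write` to the defined defaults on the new line only reaches root users whose privilege list is still taken from this default; the hunk gives no sign of what happens to a deployment that has stored an explicit list. The subject line says the global ACI that granted subentry write access is removed in the same change, so such a deployment would presumably lose the ability to update subentries after upgrading until the privilege is added by hand. A comment next to the new value would make this visible, for example `<!-- required for subentry updates; configurations with an explicit privilege list must add it -->`, together with an upgrade note. The enclosing property starts and ends outside the hunk, so whether an upgrade task already handles this cannot be confirmed from here.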
@@ -210,6 +211,12 @@
that cannot be optimized using server indexes.
</adm:synopsis>
</adm:value>
+ <adm:value name="subentry-write">
+ <adm:synopsis>
+ Allows the associated user to perform LDAP subentry write
+ operations.
+ </adm:synopsis>
+ </adm:value>
</adm:enumeration>
</adm:syntax>
<adm:profile name="ldap">
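Review bot: The synopsis for `subentry-write` restates the privilege name and does not say which operations it gates or why it is sensitive. Judging by the subject line, subentries in this model carry inherited attribute definitions that apply across a subtree, so a holder of this privilege can change data on entries they could not otherwise write to. Wording along the lines of `Allows the associated user to add, modify, or delete LDAP subentries, which can affect every entry in the subentry scope.` would tell an administrator what is being delegated. The exact operation set should be checked against the enforcement code, which is not part of this hunk.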
--
Gitblit v1.10.0