From 9376e1bcaf90a83599c4102222b919dfd6526a91 Mon Sep 17 00:00:00 2001
From: matthew_swift <matthew_swift@localhost>
Date: Fri, 17 Sep 2010 22:21:02 +0000
Subject: [PATCH] More fixes to the sub-entry security model: add new subentry-write privilege; rename inheritFromBaseDN to inheritFromBaseRDN and restrict it to the root entry of the subentry scope; restrict DNs derived from inheritFromDNAttribute to the root entry of the subentry scope; remove band-aid subentry write access global ACI.

---
 opends/src/server/org/opends/server/core/CoreConfigManager.java |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/opends/src/server/org/opends/server/core/CoreConfigManager.java b/opends/src/server/org/opends/server/core/CoreConfigManager.java
index 81b1ecf..51b9b65 100644
--- a/opends/src/server/org/opends/server/core/CoreConfigManager.java
+++ b/opends/src/server/org/opends/server/core/CoreConfigManager.java
@@ -326,6 +326,9 @@
           case UPDATE_SCHEMA:
             disabledPrivileges.add(Privilege.UPDATE_SCHEMA);
             break;
+          case SUBENTRY_WRITE:
+            disabledPrivileges.add(Privilege.SUBENTRY_WRITE);
+            break;
         }
       }
     }

--
Gitblit v1.10.0