On Tue, Aug 02, 2005 at 03:01:39PM +0200, Tomas Fasth wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > Andreas Barth skrev: > > * Thijs Kinkhorst (kink@squirrelmail.org) [050802 13:41]: > >>And even then, appearently the DAM works like this: I approve person X, > >>let's check his box, but I'll add the account at some point later on (this > >>takes weeks on average). When you check the box you might add the account > >>aswell when you're at it, right? > > Just that the person who checks the reports is not root in Debian's ldap > > system. > There is delegation and group access available in OpenLDAP. So, one > would not need to have write access to the whole directory tree, > only to the necessary branches. I'm amused that you think there's anything in Debian's LDAP directory *besides the user accounts themselves that you're proposing to give people access to* that would warrant this level of granular access control. -- Steve Langasek postmodern programmer
Attachment:
signature.asc
Description: Digital signature